The Mosher Timeline

Patrick Courrielche has done an interesting timeline on the outing of the Climategate emails here, here, here in which Mosher’s busy November 17-19 has been publicized for the first time.

I thought that it would be useful to collect my own memory of the events while it is still relatively fresh, which I’ll do today. In doing so, I reviewed contemporary blog comments, reconciling the various blog times to a common time zone, and reviewed the timeline with Mosh, Lucia, Anthony and Jeff Id, in order that it would be as accurate as possible.

Mosh has a forthcoming book on Climategate that I haven’t seen and which will amplify the story. In addition, Bishop Hill has an excellent book that I have seen that was finished before Climategate, written in his usual lucid style that should be published this month as well.

The Public Record So Far
Here’s what is publicly known so far about the release of the Climategate dossier.

On Nov 17, according to NASA blogger Gavin Schmidt, the dossier was uploaded to realclimate in the very early morning (Eastern). [This was originally said by Gavin to be 6.20 am Eastern, but subsequently changed to 7.20 am Eastern]. At 7.24 am Eastern (5.24 blog time), a comment by “RC” was placed at Climate Audit saying that “A miracle has happened” with a hyperlink under RC linking back to the zipfile temporarily ensconced at realclimate. The link was so subtle that no Climate Audit readers appear to have downloaded the zipfile. No one mentioned it at the time and the first person to publicly refer to this hyperlink was … Gavin Schmidt.

The zipfile wasn’t up for very long at realclimate as Schmidt appears to have quickly learned of its presence at realclimate and quickly quarantined it. Later that day, a RealClimate author (presumably, the pervasive Schmidt) notified CRU, a unit of the University of East Anglia, of the existence of the dossier.

The next evidence of the dossier is in the evening of November 17 just before 11 p.m. Eastern, when links to a Russian FTP site with a short covering commentary were posted as comments at Warren Meyer’s blog ( (8.47 pm blog time – 10.47 eastern?) and Jeff Id’s blog (10.57 Eastern; 9.57 pm blog time). The comments appear to have been unnoticed at the time. JEff Id was away deer hunting on Nov 17 and didn’t notice the link on his return, with the first two posts on his return (here, here) on totally unrelated topics.

Presumably reacting to Schmidt’s information, the University of East Anglia began to take security precautions, that affected both CRU and puzzled third parties at the university, including a Climate Audit reader who contacted me.

The record that is public to date picks up again on November 19 at Lucia’s blog with Mosh front and center. At 2.55 pm Eastern (1.55 Lucia blog time) , Mosh posted the first comment recognizing the contents of the emails, pointing in turn to the Jeff Id’s where the hyperlink was located. Mosher:

It contains over 1000 mails. IF TRUE … 1 mail from you and the correspondence that follows.

And, you get to see somebody with the name of phil jones say that he would rather destroy the CRU data than release it to McIntyre.

And lots lots more. including how to obstruct or evade FOIA requests. and guess who funded the collection of cores at Yamal.. and transferred money into a personal account in Russia

And you get to see what they really say behind the curtain.. you get to see how they “shape” the news, how they struggled between telling the truth and making policy makers happy.

you get to see what they say about Idso and pat micheals, you get to read how they want to take us out into a dark alley, it’s stunning all very stunning. You get to watch somebody named phil jones say that John daly’s death is good news.. or words to that effect.
I don’t know that its real..

Lucia downloaded the files and at 3:09 Eastern (14:09 blog time), Lucia made the first blog post on the topic entitledReal files or fake? Lucia:

Steve Mosher alerted us to an interesting development: Some one dropped a link to a zipped directory of files that contain what appear to be emails between various bloggers and climate science illuminati Of course this may be some sort of scam. If so, someone spent a lot of time putting together fake email/code etc.
…
I’m currently clicking and reading. It’s all rather amazing. I’m tempted to load it up and let google crawl it. Or paste into the blog software. That would make it all searchable.

But first, I’d like to know if this stuff is real or just utterly fake junk.

About 20 minutes later (3: 28 pm Eastern, 14:28 blog time), Mosher started posting up individual emails at Lucia’s, posting up one email after another until 3:45 pm.

Little in the climate blogosphere eludes the watch of NASA blogger Gavin Schmidt and the posts at Lucia’s blog definitely didn’t.

At 3.48 pm Eastern, only twenty minutes after Mosher posted the first CRU email, Schmidt sent Lucia a threatening email (“a word to the wise”), warning her that she might get “questioned as part of an investigation”. Perhaps the idea of involving U.K. Counter Terrorism Intelligence Officers had already been contemplated. Gavin used a columbia.edu email as part of the continuing pretence that Gavin was acting as a “private citizen”, but the routing of the email was from a NASA server. Gavin:

Lucia, As I am certain you are aware, hacking into private emails is very illegal. If legitimate, your scoop was therefore almost certainly obtained illegally (since how would you get 1000 emails otherwise). I don’t see any link on Jeff-id’s site, and so I’m not sure where mosher got this from, but you and he might end up being questioned as part of any investigation that might end up happening. I don’t think that bloggers are shielded under any press shield laws and so, if I were you, I would not post any content, nor allow anyone else to do so. Just my twopenny’s worth

Gavin

Lucia wasn’t intimidated by Schmidt (though she thought about Schmidt’s the legal issues. See her subsequent posts.)

Starting at 4:05 pm (blog 2:05 pm) and continuing off and on for the next couple of hours, Mosher posted up more emails at Climate Audit.

Update Jan 13: As a reader observes below, CA readers following Mosher over to Lucia’s and thence to Jeff Id’s reached a temporary dead end. Jeff Id, uncertain of the situation, had quarantined the comment. But by then, the page had been cached at Google. Jean S looked at Google, found the link, downloaded the file and topped off readers at Lucia’s that the link was still in the Google cache.

At 4:32 pm eastern (13:32 PST), Anthony, then at Dulles Airport en route home from Europe, broke the story at WUWT.

Like many other readers of the various sites, I followed the pointers to Jeff Id’s site and downloaded the files on the afternoon of Nov 19. While I’d had a sort of preview, I was still unprepared for what I encountered. Because I was intimately familiar with the context of so many of the emails, they were that much more shocking to me. I spent a few hours browsing the contents, hardly knowing where to begin. Needless to say, the CA server was immediately jammed and it became very hard to sign on. My first comment after seeing the emails was at Lucia’s (7.08 Eastern, 6,08 Lucia blog time). A few minutes later (7.14 pm Eastern; 5.14 CA blog time), I managed to sign on to CA where I simply said: “unbelievable”. Then I went out to Thursday squash league.

Meanwhile, Jeff Id temporarily took down the link, restoring it at 10.05 Eastern (9:05 pm blog time), with a covering post here.

The Dog That Didn’t Bark
What’s missing from this picture?

Uh, isn’t the climate blog that gets by far most traffic (WUWT) strangely absent from the events of November 17? Does it make any sense that the source failed to post anything at WUWT?

No, it doesn’t. And that’s a clue that clears up some of the apparent puzzles in the Mosher timeline, one that I’ll fill in from my perspective today.

On the evening of November 17, at around the same time that links were placed at Jeff Id’s and Warren Meyer’s, the same comment with the same link was also sent to WUWT, a moderated site, where it caught the attention of moderator CTM, who notified Anthony right away. Both Anthony and CTM downloaded the dossier. Anthony was in Europe attending a conference and didn’t want to do anything until he was back in the States and pledged CTM not to disseminate the FTP link until he was back in the States. As a precaution, CTM made CD copies of the zipfile, giving one of the copies to Mosher, who began poring over the emails, which at that point were not in a searchable format.

About an hour or so later, very late on November 17 Eastern, they called me. They started telling me about some of the contents- I couldn’t believe my ears. I didn’t keep notes, but Mosh says that asked me to confirm emails attributed to me – which I did, that we talked about some of the Wahl and Ammann emails – ones that haven’t been dissected yet – and some of the Santer emails. They didn’t give me the FTP link, leaving me in suspense.

The next day, I learned from a CA reader at the university that something very strange was afoot at the university involving CRU.

By November 19, Mosher had been poring over the emails for two days almost non-stop and was chafing to get the information out. By then, Anthony had left Europe. At about 2.40 pm, moderator CTM alertly noticed the link to the Russian FTP site in an unrelated thread at Jeff Id’s and notified Mosh. Ten minutes later, Mosh started stirring the pot at Lucia’s and thus Climategate.

Deepthroat
There are a couple of points where people need to get their expectations back on track.

To the best of my knowledge, neither Mosh nor CTM had (or has) the faintest idea of who assembled and released the dossier – other than speculations from their experience with computers. Nor do I. I talked to both Mosh and CTM on the late evening of November 17, when they were in the first throes of reading the emails. There is no doubt in my mind that they knew nothing of the source other than CTM knowing the Russian FTP link.

Nor should the deepthroat speculations be taken too far. Mosh is of a generation that remembers Watergate. The Watergate deepthroat merely confirmed to Woodward and Bernstein that they were on the right track and didn’t actually give them original data. In this case, the University of East Anglia was, in effect, their own deep throat. On November 18, no one knew for sure whether the dossier was genuine. The efforts of the university on November 17-18 to secure their servers attracted attention and these actions reassured Mosher that the files were genuine, much as the original deepthroat reassured Woodward and Bernstein that they were on the right track.

At the start of Climategate, I said that I didn’t have any idea who prepared or released the dossier. Nor do I now. Nor, to my knowledge, do Mosh, CTM, Anthony, Lucia, Jeff Id or Gavin Schmidt.

Postscript: NASA blogger Gavin Schmidt – and frequent CRU correspondent – gave the first Team response at about 12.50 pm Eastern on November 20 here . Blogger Schmidt now conceals the posting time of his posts; however comments start arrive at about 12.55 pm Eastern and arrive quickly, leaving little doubt of the posting time. It’s well worth re-reading. As are the original statements from UEA over the next few days, especially here.

Update Jan 13: Mosh commented that the retrospective timeline doesn’t fully do justice to the uncertainty on late November 17 when no one knew that Gavin had already seen the emails or that links were on other blogs. Quite so. Lucia wryly points out more directly Gavin’s critical role in confirming the probable authenticity of the emails (a role latent in the above timeline). It was Gavin’s notice to CRU of the existence of the dossier that caused CRU to harden their security (and thus provide confirm the probably authenticity of the dossier). Thus, Gavin, in addition, to being his own Mystery Man, would be the deepthroat’s deepthroat. As Lucia says, “The irony!”

560 Comments

Thanks for your informative post Steve. Really clarifies the time lines and the players. I remember seeing the odd comment of “A miracle has happened” while getting my daily dose of CA, but I never thought anything of it (other than it was an odd comment). Little did I know what was coming and how that little post was part of something much larger.

I, too, remember seeing the “Miracle” post, a few minutes after it was made, as I was reading the thread and refreshed my browser to catch the latest comments. I remember mousing over the link, but didn’t activate it as it went to Real Climate, and involved downloading a file. I was on a computer I shared with others, and they are not interested in the science of climate, so I did not download the file. Now I wish I had.

Paul Hudson linked to a particular climategate text file and said that was the ’email string’ he received.
Paul was not on the cc list of those emails. He was just the topic of a few of them. That particular text file has been quoted for ‘..we can’t account for the lack of warming and it’s a travesty…’

Very nice steve. There was one more reason why seeing the file out in the wild was very very important to me. It had to do with this. We went through a lot of speculation in those early hours. was this real? was it all real? was it a trap? hey we had to think of everything. When we found it on the airvent that told me.

1. The files were real.
2. they werent released to WUWT exclusively

So, I could stop doing cross referencing of timelines between your posts on CA
and references to CA in the mails ( internal consistency check) and we could all stop being concerned about a trap of some sort. At one point I was even going to call some of the phone numbers in the mails to check if they were real. And I had legal advice that said dont do anything till you know they are real, and even then you cant be 100% certain that every bit is true.

Obviously you had a deep distrust of the source of the files.
If it had been a hacker from outside, you would have been less suspicious of the files’ authenticity. But you were awfully damn suspicious, weren’t you? The source was someone that could not be trusted, and so you treated the files like a good deed coming from an arch-enemy, afraid it could blow in your face.
This leads me to believe the source is a CRU insider.
You may not wish to disclose the source, but step by step we’re gonna narrow it down and find him/her/them out.
I personally think this person ought to be made known.

Steve: The premise that Mosher “may not want to disclose” is wrongheaded. IMO there is convincing evidence (which I know from contemporary discussions) that he doesn’t know. Mosher got thefiles from CTM who downloaded them from the Russian server, where the present trail ends.

The idea that the recipients “know” the source of the data is ludicrous. There’s no logical reason for that to be true – in fact, caution is exactly what would be indicated if the source was truly unknown.

I guess that’s the end of it then.
I was hoping for it to be some disgruntled turncoat at CRU or something dramatic like that. I guess it’s still quite an amusing ending. Anyway – thanks to the P2P Network for their tenacity and great result!

Given the ordeal Damian Green was put through, and the lack of accountability of the UK’s National Domestic Extremism team, if the source of the files was a whistleblower or other CRU insider, then it should be left to him or her to decide when/whether to go public. They have performed enough of a service to be allowed to decide whether to sign up for 24 hours in the cells under intense interrogation, rather than be outed for the sake of our curiosity.

Reading this brings back the emotions I had that day: disbelief, then confirmation of what my instincts had felt all along, and then relief. I still remember the pink clouds at sun rise the next morning looked more beautiful.

Unbelievable! I wonder what would have happened were it not for the efforts of Steve, Steve, Anthony, Jeff, Lucia and many others – including “Deep Throat”?

Of course, to keep it all in perspective, here in Australia, with the efforts (connivance?) of the MSM and our Government, the man in the street is blithely unaware of all this. And, because it is summer here, we are continually being told how hot it is.

Dear Leogh, it was people (i.e bloggers) echoing Mosher’s, McIntyre’s, Lucia’s, Anthony, Jeff’s, etc. In most of the cases they translated the developments that were happening (things changed very fast). Also they added their own opinions, similar to those you can find from this blog, WUWT, etc.. The local commenters did their own search in the email database, looking mainly if some “local” were visible among the hundredths of e-mails (e.g. Zorita. I can give you a few links if you wish.

One small comment. I remember early on in ClimateGate that Gavin had said that there had been four downloads from RC before that link was broken. Unless the link was placed somewhere other than CA, four CA readers DID download (or start to download) that file. I can’t see any reason not to believe Gavin’s comment about the downloads.

Steve: This remains unexplained. Gavin has not been very forthcoming about these events.

Bender has said he hit the link and didn’t download the file. he explained this for the first time yesterday in a comment over at Lucias. I would say that maybe one of the hits would be a test. Imagine. This link was hidden obscurely. over 12 hours would pass before he Posted the comment at the various blogs. In those hours he might have wondered if the link was working.

“I saw the FOIA.ZIP link within an hour of its posting and did not pursue it because I am in the habit of avoiding these two things: (1) zip files from unknown sources, and (2) anything coming from RC. Had the description been less cryptic, I would have bit. ”

Actually, for correctness, I explained it for the first time at that alternate blog that McIntyre had put up during the meltdown. I decided to explain a second time so that people could do the math on the 4 hits and count me out.
.
My timeline. I snapped up the file on the evening of the 19th along with everyone else, once it was clear the file was probably safe. I figured it would be pulled. On the morning of the 20th I emailed McIntyre and Liljegren expressing my skepticism that real scientists would actually talk this loosely. Then I recognized some of the emails as genuine and my skepticism waned. Then the timelines started fitting too well to be wholly faked. Then the number of typos seemed too frequent and consistent to be faked. Then the intricate structure of the team dynamic seemed too real to be faked. By the evening of the 20th I figured a very large percentage were not fake, but still did not discount the possibility some of the most incriminating were fabricatd or doctored.
.
IMO the file to read is “Harry”. Go feel his pain if you haven’t already. Feel the loathing.

Bender: This was my experience also. Except that toward the end, I realized that this was such a momentous leak of damning information that the person responsible would not have adulterated the content or defeated his purpose by putting in a smattering of bogus emails. Either much of it was faked and a hoax, or it was all authentic.

I also hesitated to accept the authenticity because of a lack of response from the other side which suggested it might be a trap, a “trick” that was being played on skeptics. We know now that their silence meant that they were as stunned as we were at the release of such revealing and possibly inculpatory information.

The “trap” or trick hypothesis was high on the list from Nov 17th to the 19th. Anthony was out of country. In Europe. In our minds ( anthony, charles, steve mc, me) this file had only been pointed to in one place: WUWT. and it was being held in moderation. At one point as I grew more and more sure it was real and more and more demanding, Charles had to remind me that One of Anthony’s concerns was that it was true, but a trap. I had no way of ruling out that hypothesis. Except when we found it on a another site and looked at the stuff CRU was doing. Then stuff fell into place. It was true, and it had not been a targeted release to WUWT timed for Anthony’s visit to the EU when he would be off US soil.

All in all, we did not take this file at face value. we audited it as best we could, under a variety of hypotheses.

I neither uploaded nor downloaded. I downloaded on the 19th. I’m so mistrustful that if I saw a file called FOIA.ZIP posted at RC but advertised at CA I would assume something malicious posted by an extremist alarmist. Something nasty from, say, the kind of person that would like to “take me into a dark alley” …

Now, if I were mann, I would have seized upon this bristlecone, would have seen that a couple mails confirmed my bias and stopped looking after finding the mail about daly. one mail would have confirmed the whole lot. but then I’m a skeptic. err lukewarmer

Early on in the piece, it was reported that “the data” were sent to Paul Hudson, the BBC’s weatherman, on 12th Oct. A few days after the posting, the Beeb, aware of the implicit reproach to its investigative rigour, acknowledged receipt, saying they had deemed the parcel un-newsworthy. If the BBC had in fact received nothing more than a smattering of emails, surely they would have taken the opportunity to say so?

The parcel later posted included more recent emails.

This raises a number of questions:
-What exactly did the Beeb receive?
-What do they know about how it reached them?
-If it was a smattering, how strongly can we assume that the 12 Oct and the 16th Nov leakers are one and the same?
-Whether or not it was a complete set or a smattering, why would anyone believe the Beeb would deal diligently with it?
-If it was an earlier saved version of the file eventually posted, does it not strongly suggest an insider with knowledge of the location of a file being compiled either to satisfy or to frustrate an FOIA request, and able to access a very recent version on at least one of at least two occasions?
-And if the two leaks were by the same leaker, he had 5 weeks to plot his posting, and may be thought to have scripted it with great care. On two occasions he seems to have involved organisations (RC and BBC) who would be expected to frustrate his efforts – why?
-And if they are different leakers, that means TWO sceptics decided the best way to blow the whistle on the Hockey Team was to involve two different hostile organisations? (sorry I can’t be bothered to defend “hostile” in regard to the Beeb)

Steve: I am getting very bored with this Hudson thing. AFAIK he merely confirmed in effect that one of the emails was real.

This issue was also cleared up at tAV. Apparently the BBC guy got only one set of emails from one scientist which happened to match the zip file. He never had any of the more interesting stuff from the FOI documents. Rather than claiming foreknowledge of the events, the reporter was simply saying he had a set of emails which matched one set of what had been released.

The focus on Hudson seems to belong to the ‘BBC red herring’ school of damage limitation – attempted fig leaf for those caught with their pants down and the media spotlight firmly trained on their vitals, courtesy of a vast tranche of by-now verified emails and code in the public domain. Compared to that blinding light this muddy puddle ain’t worth a second look – unless Hudson publishes what he received in October and it really adds something. Till then it’s a non-story.

Something minor to add from my part. I happened to be logged in CA, when Mosher started commenting over here. I went (as I suppose many other people) over Lucia’s and Jeff’s, but couldn’t find the file (Jeff had taken down the comment already). Being bit annoyed as Mosh and Lucia where not giving the address but still posting the content, I decided to take a look at Google Cache. Bingo! The comment at Jeff’s was archieved there, and I was able to download the file. After quickly checking that it seemed “real” to me, I deciced to post the link (Comment#23742) to Lucia’s to let also other people have their hands on the file. Then it really started spreading… 🙂

Correct. I couldn’t see it either, but IIRC, it was that link that you put up that I eventually downloaded. I think that was the first mass gateway, but within a day it was available in searchable form, so I never even bothered to unzip the file.

I find the initial posting here with the link to the FOIA.zip file at RC almost divine. It was on a thread called “Miracles and Strip Bark Standardization” which had a cartoon showing scientists at a blackboard with a step in the calculation saying “and then a miracle occurs”. Then at 5.24am the all important posting simply said

A Miracle Just Happened

Not even an exclamation mark. Someone subtle (too subtle in fact) and with a sense of humour. So cryptic yet so magical.

Yes a very ironic sense of humor. Remember that CA readers like puzzles. Remember that we are a curious lot. Since people like odd little things
let me point out another oddity which I havent talked about publically

What is the mirical post about?
Who wrote the presentation that steve discusses?
which dendro is he connected to?
who suggested the paper was a good one for steve to look at?
which dendro appears on the thread on Nov 17th.

Answers: Brian Luckman’s presentation on ‘inhomogeneity in the tree ring record created when the tree was scarred by a glacier’. He supervised fellow dendro Rob Wilson’s thesis. Erasmus de Frigid (Erasmus of Rotter-dam would that now be?) had suggested Steve look at this in a previous thread in the early hours of 16 Nov. On 17 Nov RC’s cute notice announcing the miracle was followed by Rob Wilson himself appearing on the thread, contradicting Steve’s own expectations the night before.

What does it all mean? I know it was once again my birthday on the 17th November and that is clearly of global importance … but as for the rest I can’t quite see the pattern. I’m sure help is on the way.

I’m glad you went to the same trouble I did trying to see if I could find any
clues to who dunnit.

As you can tell by now my approach to things is to look for oddities.

The “its a miracle post” looked odd to me in the whole flow of the blog.

Why did Steve do that post? so I go back. he credits a reader. An odd
reader, infrequent poster. anonymous poster with an odd name.
Rob wilson shows up. way odd. he’s a magnet for regulars.

The comment its a miracle is odd. and the fact that whoever had this
file had access to both CRU and RC was odd.

I don’t know. I puzzled on this for a while. I called steve about it. Hey saw nothing either. But I was trying to figure out if anything in the way
this all came down could give me any clue to the identity of the person
who got the file out of cru. Bottom line, if I knew I would not waste
heaps of time running down dead alleys.

I’ve always thought that Briffa was involved in this. He knew that his data was being perverted to suit the goals of others and wanted no part of it. To Jones, Mann et al Briffa was merely a means to an end. Perhaps he is the only true scientist at CRU?

I finally ruled Briffa out because of some of the mails which raise questions about his dealings with the russians. But implicating onesself in wrong doing is the perfect defense for deflecting suspicion.

So, you want my best briffa plot in 30 seconds…

Briffa appears to be the most doubtful of the MWP.
he has some arguments with Mann early on about their differences.

Triangle: Jones, Briffa, Mann.

Jones publishes with Both, but Briffa and Jones are in the same university. Jones is kinda caught in the middle.

Jones starts to come over to Mann’s view of things. Poor Briffa.
he gets butt hurt.

Briffa gets LA on chapter 6.

Overpeck demands something better than the hockey stick.

Briffa says the science hasnt advanced since TAR. More pressure.
Then you get the pressure to crowbar the Jesus paper in.
why? to save Mann.

Then Briffa passes Wahl the reviwer comments in confidence so that Wahl can check on briffa objectivity.

For me that is very telling about briffa’s character. Not the violation of the process, but the consciousness that he may be losing his objectivity. That’s his identity.

Steve is the one presurring briffa to show the decline. wow, that
creates a bunch of tension between jones and mann and briffa one can imagine.

In the end you have the whole Holland FOIA storyline, which focuses precisely on the communications around chapter 6 and briffa is at the heart of this.

in 2009, he’s back in the limelight, lots of life pressures, Yamal on his neck, RC on his neck to get him to post.

I’d already accepted it wasn’t Briffa wot dunnit but I’m still learning quite a bit from the storyboard here Steve. There can be benefits from informed speculation in other words. It’s not just a game (as I’m sure you know).

Speculation does give one hypotheses to test against the record. For example, the way I recall the FOIA hypothesis going down was this. The file looked like a
file collected to comply with a legal request. But that made no sense to me
when I looked at my FOIA requests. Talking to Steve on the 18th, he said,
“hey, I have a FOIA rejection letter from the 13th”

The other thing, for example, is the writing of the FOIA comment.
That’s written by somebody who has read through the files to some extent and understands a bunch of issues ( hints at the SRES for example) and the whole keenan affair. definate CA esoterica.

When I read the prose leading in I get the sense of some lone guy
working who is trying to sound like an organized group. Like the kidnapping letter in the Patsy Ramsey case. “we hereby” is just not right. The other oddity is the “limited time offer, download now” just the kinda tone that gives. Not a lot to go on for a profile, I have another idea how to go at the profile and that is through CA demographics.
But obsviously computer savy. Ironic sense of humor.

Maybe to computer savvy. If it is just one person it would have to be someone like Harry. Someone who knows the science and is clever with computer technology. Maybe 2 people. Working together but independently, each doing what they are best at. Lots of trust and confidence in the other persons abilities.

We have a policy of adding new maillist recipients to the Bcc: field. Many people don’t want their email address spread around, and we don’t want to start a brohaha. Could be as simple as that. Nevertheless, a look at those emails might turn up something interesting…

My involvement is merely a coincidence. At the time we were hot on the trail of trying to explain the gigantic growth spurts in the strip bark bristlecone pines. I did some research on Google and found the Luckman vu-graph presentation, which Steve put on the site with the funny And Then A Miracle Happens cartoon. I think the whistleblower must have found that amusing.

I suspected you for a bit. I’ll tell you why. It’s like the criminal suspect who like to witness the crime scene. You know the guy standing in the crowd who actually did the crime and waits for police or fireman to show up.

So when the link “RC” showed up on the its a miracle post I started
to look at how that post came to be. It was kinda odd to begin with.
Rob wilson was mentioned ( did you know rob? were you a rob sock puppet?) etc etc. Then I saw that you had a very sparse commenting
history. Then I looked at other people “on the scene” myself, steveMc
etc.

In the end its all a coincidence. Anyways.. for I while I thought you might have had something to do with it all. hey, I was casting about for theories,

Another small fact to add – the low traffic blogs are most likely to be un-moderated. Spam filtered yes, no human intervention save an automatic email to the blog owner when a post is made. Moderation is actually a lot of work, and I certainly find it easier to clean up the occasional post after the fact.

Also, if it were a mole, his job, once he’s got the product to the mule, is to sanitise his steps to make sure he’s not discovered and not any other thing.
That would suggest that the outside player did all the posting on the blogs and zipping and fxping to servers with spicy tlds.

“To the best of my knowledge, neither Mosh nor CTM had (or has) the faintest idea of who assembled and released the dossier – other than speculations from their experience with computers. Nor do I.”
I don’t know why, but I have doubts with this statement.

So Mosher got the CD from the WUWT moderator and it was confirmed that the emails were genuine by the CRU securing their servers and notifying their personal that information was on the internet? Is that all about Mosher’s role? Sorry, can’t see a Pulitzer Prize here….

Personally I downloaded the FOIA file on Nov.19th via the Russian FTP server which adress I got from the AV site. There were some other personal, climate unrelated files on that server, did anyone analyzed these in order to establish the identity of the hacker/leaker? I couldn’t see any link with CRU.

Steve: One important aspect of Mosh’s role that we haven’t discussed yet was his role in choosing the “Greatest Hits” – which is how the news broke.

I was also puzzled by the adulatory tone of Breitbart’s Peer to Peer Review three-parter regarding Mr Mosher. It was an immense privilege to be handed one of the first CDs containing FOI2009.zip. No doubt he’d earned that trust – and Mosher seems to have been the first person outside of UEA (and presumably Gavin Schmidt) to realise quite what dynamite it contained. I’ve also appreciated Steven’s recent arguments here on CA that Climategate has to have been an inside job, not least because of the cute decision to hack RealClimate to kick the game off (a point that has always seemed dead obvious to me, however much spin about nefarious hacking has been employed). All good stuff. But Patrick Courrielche goes well over the top. The man with the deadpan expression at the top of this thread fits the heroic billing rather better, given all the facts. There again, I don’t think adulation is his thing.

And I would again like to reiterate that I gave the file to Steven Mosher because he was far more qualified than myself to evaluate it and interpret it. He had far more previous knowledge of both the CA threads to which it pertained as well as the programming and statistics knowledge to keep everything in perspective. I have not yet read the manuscript, but if anyone can sift through these thousands plus emails and pull a coherent story out of it, it is Moshpit. I look forward to reading the book. I do expect a complimentary copy.

As I commented over at WUWT one reason for telling the whole story of how the file got out to us BEFORE we release the book is this: the who dunnit doesnt matter.
we dont know. I dont want anybody buying the book expecting to find out some deep secret about an insider at CRU. they wont. Everybody I know who played a role gets a chance to tell their story before the book comes out. on the internet.
Charles will be the last. he was the first that I know of. and the first that he knows of.
Pulitzer? not even close to my expectations. Finish a book was my only expectation. Grateful for that. More grateful than you can imagine, to charles and Steve and anthony and lucia and tom. Now, I will go back to scribbling in the margins of blogs like a cartoonist at mad magazine. Its what I do best.

Nothing I said above implies anything but the best wishes with the book, Steven, which I assume could be extremely important in helping the masses to grasp the kinds of issues very familiar to old-timers on Climate Audit. Indeed I hope it’s a smash.

C’mon Mosh, admit it, you’ve intensly enjoyed your 20 minutes of fame. Look alone at the title of this thread: “The Mosher Timeline”. Compared with Woodward and Bernstein by our buddy Courrielche. I got the impression that I wasn’t the only one expecting the coming out of the leaker after your enigmatic messages. The outcome was a bit of a anti-climax. Why the secrecy of who gave you the CD being it the WUWT moderator?

All in good spirit though, I hope your and Fullers book will get good response and sales.

Not so much. I realized when the files hit charles hands and then mine, that people would think we had something to do with it. After all I run around calling for open data and open code and BAMM it manefests itself in my hands or at least some stuff does. The other thing I knew was that no matter how this tale was told it was going to be a shaggy dog story.
hey I like tristram shandy. There is a lesson in shaggy dog stories.
people havent got that yet.

Re: Steven Mosher (Jan 13 14:14), I replied to Dominic’s comment yesterday saying “now THAT would be sweet!” but the comment seems to have been eaten.
A simpler possibility comes to my mind though (we do this kind of thing in IT for fun).
Assume Jones leaves the office and doesn’t lock his workstation. Joe W Blower walks into the office, sends FOI.zip from the directory where it has been assembled via FTP to Real Climate using the user/password contained in the email from 23 October, turns and walks out of the office. The total time is perhaps two minutes and Dr. J is the “hacker” since his account was used. No need for stolen passwords or hacking/cracking skills.

Re: Steven Mosher (Jan 14 05:07), A random thought: Does anyone have the time stamp on the top level directory at RC that contained the FOI.zip file?
The “miracle” post had the file at the root of the tree so a directory listing would give us the upload time.

RC could check their FTP access logs, of course, but I don’t see the info coming from that quarter somehow.

RC could help fill in some of these details. I suspect they are cooperating with the authorities. Which means someday we may have to FOIA those files from the police. Not on my agenda, because who did it doesnt matter. except for fun figuring it out.

At around 6.20am (EST) Nov 17th, somebody hacked into the RC server from an IP address associated with a computer somewhere in Turkey, disabled access from the legitimate users, and uploaded a file FOIA.zip to our server. They then created a draft post that would have been posted announcing the data to the world that was identical in content of the comment posted on The Air Vent later that day. They were intercepted before this could be posted on the blog

Re: charles the moderator (Jan 14 07:00), Perhaps. It doesn’t really change much, simply add a proxy in the middle from the desktop to RC.
What I’m actually speculating though is that perhaps the FOI.zip file was dropped at RC and only later the “draft post” was submitted via the usual blog interface. That is, two steps, one FTP from CRU and then the blog posting that was moderated.
If the archive was stashed on RC it could then have been fetched from there to distribute to other locations via proxies. The point of the exercise being a simple, plausible mechanism to get the data out of CRU and onto the Internet without comprimising the identity of the person doing the actual transfer.

Re: Greg F (Jan 14 08:33), With respect to the user/password at RC: indeed my bad!
I would be very surprised if the CRU didn’t have bandwidth enough to upload 62MB in minutes. However, the DOS FS indication in the ZIP archive would seem to point to a USB stick as the source of the content, and thus against a network except for the “car on the roof” aspect.

In my view the person or persons involved in releasing the files have demonstrated far higher then average computer literacy. As Mosher has pointed out, the files were cleaned of any evidence that could be used to track back to the creator. The use of untraceable proxys, hacking of RC, and the creation dates of many of the files as 1/1/2009 are just a few of the hints that the whistle blower(s) is/are computer literate.

The files were zipped on an OS that uses a fat file system. This has nothing to do with flash drives. Were talking Win 95, 98, ME or OS2. Very doubtful that any of these systems exist at the university. Odds are any computer geek has at least one CD of one of these OS’s kicking around, ditto for small 20G or less hard drive.

RAR vs. ZIP.

RAR requires a 3rd party application to extract. Extracting ZIP files on modern versions of Windows or a Mac do not require any additional applications. Why make it harder for the potential audience? Also, all the skeptic blogs that the zip file was posted on were U.S. based.

ya, specifically, the bleaching of the timestamp. Doesnt make sense for an external hack to do this, “unless of course he wants to make it appear that its a guy on the inside concerned about people looking at creation times to narrow down who was in the office at that time or logged on at that time.

It’s possible (and indeed, I still do) to use either Win2k or XP in FAT mode. I do it to stay compatible with an older version of an expensive geology data modeller – too expensive to update for no real gain

I forgot about that. XP allows you to build it with a FAT32 file system. A lot of machines were upgraded to XP from Win 98 and kept the FAT32 file system at least for a while. Converting a FAT32 XP to NTFS is simple and painless, I have done a number of them.

There were different FAT file versions. Win 95 was initially released with FAT16 and was upgraded to FAT32. There was an earlier version FAT12. I went back to Duke C’s post.

0 host operating system (0=MS-DOS and OS2 FAT)

OS2 used a files system written by Microsoft called HPFS. OS2 lost out to Win 3.x so my initial thought is that HPFS was close to FAT16. OTOH the zip file was created with “pkzip 10 version” which is fairly new and according to Pkware is only for IBM’s i5/OS also know as OS400. That OS dates back to 1998 with the last upgrade in 2008. Even more interesting, it’s a server OS. I would say, provided the info Duke supplied is accurate, that eliminates the Windows machines or any workstation being used to create the zip file.

Maybe I’ll poke around some more when I have time. I’m not sure the system could be accessed under the current circumstances (if it even is at UEA). Also see James Gibbons post below – I wonder if there are multiple zip files?

Can’t say the version of FOI2009.zip that I have is the file from the FTP server (got it from another link), but if you look at the internal ZIP properties they indicate the files were zipped from a Unix system and that the access flags would have made them readable by any user of the system. These were not zipped from a DOS/WIN system. Here is the dump for one file:

Thanks, Jim. Much better analysis. Can you dump the central directory header and take a closer look? my template is somewhat ubiquitious with no detail documentation. And it should be noted that the source is FOI2009.zip which appeared around Nov.20th. I downloaded it from the link posted by “foia mirror site” at Jeff Id’s blog. FOIA.zip made it’s entrance on Nov. 17th. Far as I can tell, the contents of both are identical. I was ready to speculate that Mosher was responsible for creating FOI2009.zip using Windows on his laptop and taking it viral. But based on what he’s posted on this thread, and your analysis, I’ll have to hold off a little bit longer…

My judgment so far has been a pretty high level of redaction: although the end result contains some of the mundane it’s much less than likely to ‘occur naturally’ in an email archive of over ten years, implying quite a bit of time on someone’s part prior to 17 Nov. Now I know about potential criticisms of Phil Jones over obstruction of FOI in the summer I accept that such an effort could have been initiated by the UEA authorities. But there was effort expended. More than a long weekend’s worth from lunchtime on 13 Nov, surely?

On wednesday the 18th when steve and I were discussing this ( lucia and I also discussed this on her blog) the S/N ratio ( we didnt use that term, but I will here) was intrguing. On my first pass through my reaction was
“every mail has nuggets!” this had to be put together by a human. Over time as I went through each mail ( many times) it became clear that a bunch of mails were nullities. The out of office replies sealed it for me. At some point in the discussions ( me & mac) and then me and lucia, are considered judgement ( I recall, err ya) was that the file looked to be the result of..

1. an automated program that collected mails by sender/receiver
WITH a human redaction as a post process. But some mails
that are mere housekeeping are left in. sloppy work.

2. An automated program that collected mails by sender/receiver
OR hits on key words.

the keyword filter would be built from a glossary of words from
CA. this would give the file the look and feel of being collected
by somebody interested in the topics of CA.

Very interesting. You’ve looked at many more of the emails than I have, which is the only way to form a view on the distribution as well as ratio of signal/noise. Option 2 would I suppose allow access to have been gained on Friday 13th (it would have been hard to make this up, including that date), a quick filter written, the data files selected, all ready for release on 17th. One bright but disillusioned programmer would do. But was it?

1. could re reverse enginer the filter structure from the output structure.. err probably not conclusively as I dont have
access to the “reject” pile. underconstraned.

2. Too many authors to look at frequency counts..
But I did think about doing a comparision of Zipfs for CA
versus Zipfs for the mails. Not sure what the eff that would show.
you know how I think bender, intuitive/analytic ( must guard
against confirmation bias)

It was spooky for me because when I entered this debate on RC ALL I TALKED ABOUT were the SRES.

So you go through this stupid little paranoid thing ( confirmation bias ) where you think.. “They designed this file especially for ME ME ME.” then you return to sanity. All the mails on the GCMS and the SRES.. I dont even touch in the book. Thats another heap to understand. reading through all these mails repeatedly and then reading ALL OF CA ( crap bender you and dano had some fun fights back in the day ) kinda wiped me out. It’s like holding a 10000 page book in my head written by 52 authors. Climate Talmud

I went to Sonja B-C’s E&E link. There I eventually found a paper by Castles & Henderson – which wasn’t really a paper, but a series of correspondence, that I planned to use for “Part 2” of the above Much to my regret I merely bookmarked it, rather than d/l … but there is a later paper responding to critiques & “extending” their original.

It’s all about the faulty foundations of the SRES – and the IPCC’s “response” (which has an all too familiar dismissive ring to it)

So, (with apologies to Charles Dickens) ….

Put the case that someone totally outside the CRU crew had been doing some independent research and had figured out – and was thoroughly disgusted by – what had been going on (anyone with common sense would be able to spot the problems). Put the case that this person either had the skillset required to “grab” the files [restore from backup tapes, perhaps?] or at least knew someone with appropriate access who did – and/or had been gathering nuggets for some time.

Considering that communication probably also took place using other means besides emails (water fountains, cafeteria, pub, telephone, hallways, open doors, etc), and considering that it’s not unreasonable to think that the decision on the FOI request might well have been communicated to Jones on the 12th (or even the 13th in the a.m.), he doesn’t strike me as the type who would keep such “good news” to himself.

Put the case that Jane W. Blower – one way or another – got wind of this decision, decided that it was time to strike and she and/or her accomplice spent the next 4 days putting the package together … After reading Castles & Henderson, I would probably want to filter on SRES and the key players.

From where I’m sitting, the emails served primarily to confirm that which all you great sleuths had uncovered about the “science” over the years. FWIW, When I first read Castles & Henderson (even though I’m not an economist – or a “climate scientist”) I was astounded. So, I came running over here wanting to shout Eureka! – until I found the post I mentioned above … then I decided to bide my time.

The very last, from Jones to Compo, makes some claims and cites some numbers that would interest an auditor. Discrepancies in Siberia, for example.
.
The style of delivery (“miracle”) and the content delivered seems to be highly tailored to Climate Audit discussions. A whistleblower with a conscience reacting to an unjustly refused FOIA. Imperfect filtering (but high SNR) suggesting a job dne in haste, but by somebody who knew pretty well what a CA audience would want to see.

CA was chosen first as an outlet and the whistleblower must have been suprised, frustrated, anxious at our oversight and/or hesitancy to snap up the file and devour it. Hence the posting later that evening at other sites. With a much more urgent header “limited time offer”.

yes. the poster ALSO followed up with a comment to WUWT
basically asking Charles ” what the eff” why isnt anybody talking about this. Charles covers this in his recent post. Charles probably told me about this at the time, but I didnt recall it till he posted just yesterday. There is a “chinese” wall of sorts that we erect relative to WUWT stuff. he does his moderation stuff at WUWT, And I stick to CA and lucia. The file kinda kicked a hole in that wall.

One can understand the guy’s pain at that point. But it’s often like that, the inside and outside of a complex systems situation. Including all the politics in this case. To the whistleblower it was crystal clear how important this was and, without knowing much he had risked (a major feature of the case we can’t know because of his anonymity), he was bound to feel anxious, at the very least, about complete loss of the opportunity. Who’d like to meet some of the CRU correspondents in the dark alley we’ve seen them discuss, when they knew you’d tried to bring this stuff to the world’s attention and failed. At least the person(s) concerned now have millions of friends and supporters worldwide as a counterweight to those less than pleasant thoughts.

(Sorry for the gender-specific language. I make no final assumptions on that or anything else.)

“The style of delivery (“miracle”) and the content delivered seems to be highly tailored to Climate Audit discussions.”

I agree. Whoever did the selection and sorting of the E-mails must have been a dedicated CA reader since such a large fraction provide backstory to specific CA sagas. Not much has been made of this observation to date.

Nice to have that rather mysterious item, ‘a CD sent to Steve Mosher’, cleared up!

I was imagining all sorts of thing when I read that first, like envelopes being checked for DNA by the police, stuff like that.

I am still quite amazed that nothing is known about the sender of this file – speculations here and on other blogs are just that, and to me seem to be, if not a waste of time then just letting one’s imagination run along the lines of some thrillers.
Meanwhile there is certainly more work to be done – I await eagerly the next dissection by steve mcIntyre!

From Charles first finding the file in moderation at WUWT evening Nov17th
His call to me went out at 7:02PM [ PST; 10:02 Eastern: SMc ]
to my work with the file from shortly after that time until Nov 19th 11:55 PSt [3:55 pm Eastern]
when I posted to lucia.

Steve has told his story. Charles his. Jeff, lucia, Anthony has given me quotes for the book. bender even came forward. No need for the police to do any more interviews. Unless, they are interested in other things like my funding. So,
You hear that Norwich police? if you want to “solve” the crime everything I know
is now posted on the internet. If you want to know if I’m supported by anybody? well first off none of your damn business, and secondly
no.

Actually, I think it’s very possible that it was a hole somewhere in CRU’s security. Everything about this – from the places where the zip files were loaded, to the fact that nobody seems to have a lead on who the actual initiator is, reeks of hacker-level computer knowledge.

As we know, large organisations sometimes have bus-sized holes in their security. Someone with the appropriate systems knowledge could have spent a leisurely few weeks browsing around and downloading all of this data.

These days, there are trails left everywhere. In order to avoid being tracked down, you need to be GOOD! The fact that whoeever did this has not yet been discovered means that they are good – plenty good enough to find and exploit an opening in the CRU server.

I really think this “inside job” thing is being pushed too hard. Most insiders (except real computer geeks) would have been tracked and caught loooong ago.

You’re assuming a lot of things here. If the archived material was assembled for review with an eye toward FOI request fulfillment, the resulting files would most likely not be left on the machine where they are archived (since access to these are generally tightly controlled by the IT people), but moved off to a machine where access by non-IT types wouldn’t present a larger system security issue. These tend to be set up around group permissions, and I’ve seen plenty of security / access issues with these types of machines. Depending on it’s normal uses, accounting may be turned off for better performance – especially likely if it was decided to use an old, lightly used system as the temporary review repository.

BradH – while a level of auditing and tracing is probably the norm for a large commercial organization like a bank, it’s unlikely that a government funded university has anything like that level of sophistication in place. From what I’ve read, the researchers have control over their own FTP sites, something that would never happen in the commercial world because of the security implications. Things like file copy audits, cd burners directory browsings and the like are not necessarily installed at a place like CRU. They probably don’t have a very granular system of permissions at all – most likely an ‘in/out’ system. As in, once you’re given a logon, you’re in and have access to all the data. It would appear as though the emails are from either an email servers logs, or from a backup of the email. Email servers often have lax security because everyone has to connect to them to send/receive email, and it’s a pain to lock them down and still have email working. Or, the file could have existed already as a response to a FOI request.

My point is that most universities don’t usually have that level of sophistication in tracking who sees what. The IT departments in universities are often poorly resourced and treated as second class citizens by the academics. If this was a bank I’d agree with you, but because it’s CRU I don’t. It could easily be an insider. Even if the insider learnt of Phil Jones’ password and used that. You’d be surprised how many people will tell you their password if you ask them. Even the use of a proxy to post up the information to the russian server wouldn’t be that hard to learn, just a matter of searching and experimenting.

There may of course have been many holes in CRU security. The question is, can they account for the following?

The source had a admin password for RealClimate on 17 Nov. The contents of FOI2009.zip had been redacted by someone with intimate knowledge of the battles Steve McIntyre and others had become involved in from around 2002, but going right back to relevant material in the late 90s. Someone it seems had access to Phil Jones’ email account right up to the week ending 13 Nov. But someone (either the same or friendly with them) must also have found the time to edit the resulting historic mess for a long while before release. Put these things together with the fact that no hard evidence of outside hacking has been presented by UEA, despite ‘illegal break-in’ becoming an almost desperate mantra from the earliest days, presumably to avoid the unwashed masses drawing the conclusion that not only the science isn’t settled, one of the insiders hates the phony consensus so much they’re willing to go to these extreme lengths to bust it open … and I’ve never rated the outside operation theory one bit. But I’m biased. This way the story is much simpler, much more dramatic and does maximum damage to people that it’s clear thoroughly deserve it. Brad H and those like you, your motive is?

There were elements of “script kiddie” technical expertise, as harold calls it, but no more than could have been picked up one evening in the right kind of Norfolk pub. I for one have always been careful to call the person(s) responsible whistleblowers. They have done all of us a massive favour. They need all the legal (and perhaps other) protection they can get if their identity is discovered. The term implies that the law should go easy on them and that the general public – hapless target of ‘AGW mitigation’ on the back of crude pseudo-scientific propaganda like the hockey stick from the Team – should regard them as heroes. Brad H and those like you, you want to criminalize them because?

I wouldn’t make that assumption. RC uses WordPress that has a known security hole that allows access through resetting of the admin password. The drawback with this is that WordPress sends an email to notify the administrator that the password has been reset. It is a rather trival hack, even a cave man could do it.

A possible scenario. The hacker gained access to RC through the password reset hole most likely in the early morning hours. Due to the size of the zip file it may have taken a few hours to upload. The blog administrator, which is presumably Gavin, would have gotten an email that the password had been reset. So Gavin gets into work and sees the email that the password was reset. He attempts to login but can’t since the hacker has disabled all the accounts. Gavin calls the person who administers the server to regain control of the blog. RC sometime after goes offline to update the blog software.

It seems to me even if the hacker had one of the users password that the above hack would still be preferable. Using a known username and password would significantly reduced the list of possible culprits. It is also not clear that all the users would have had admin privilages that would have allowed them to disable all the user accounts.

So you’re saying that any cave man can gain admin control of any WordPress blog at any time? And that Matt Mullenweg and the good people at Automattic haven’t got around to fixing this er, feature?

Well, without exhaustive checking (such as taking over CA for the afternoon), I don’t believe you. But even if this were true, it doesn’t invalidate what I wrote. It add one more possible explanation of one of the known facts. You don’t it seems have anything to say about the others, all of which are looking for the most plausible overall explanation. Which, as before, I think is blindingly obvious.

The whistleblower obviously had access to peoples email accounts. So, he logs into WordPress, has it send the admin password (the “I forgot my password” feature), it emails the password to the administers account, the whistleblower checks the account, gets the password reset, logs into WordPress and uploads the file.

The logic is sound.

He’s not saying that any moron can log into any WordPress blog and take it over. He’s saying that you can try to take over a WordPress account by having it mail the password to the admin email account. The problem is that you need access to the admin’s email account. … Which the whistleblower did!

And there you have it in a nutshell…
Physical access or root kits Copy the drives/files as you see fit…. …and then you have climate gate. Obtain the web password theough the email receive it, delete it — walk away with the files…

Those of us who have done this probably think it’s best not to lay out all the methodology — but whatever…

Agree that that computes but it remains fairly peripheral as to whether it was an inside job. But then I suppose, a bit like Phil Jones redefining peer review, the moment the person posted to RealClimate they were no longer an insider, they had become an agent of the hated anarcho-denialists, Mossad, the Russia secret service or equivalent.

So, he logs into WordPress, has it send the admin password (the “I forgot my password” feature), it emails the password to the administers account, the whistleblower checks the account, gets the password reset, logs into WordPress and uploads the file.

No. The hack doesn’t just reset the password, it gives you access, the administrator still gets the email. If you could get into the admin’s email it would only make sense to delete the email so the admin would be none the wiser. I am suggesting the email is what clued Gavin in that something was up.

So you’re saying that any cave man can gain admin control of any WordPress blog at any time? And that Matt Mullenweg and the good people at Automattic haven’t got around to fixing this er, feature?

This security issue was discovered in one of the more recent versions of WordPress and was fixed.

WP frequently has various security issues and sends out patches. Some people don’t update.

In addition to updating my software, I have also placed an .htaccess file in my wp-admin folder that only permits itemized IP’s into the admin area of my blog. This doesn’t ensure no one can hack, but it helps. Dreamhost does something similar for my entire account panel.

Thanks. As I thought, such a gaping security hole didn’t last long – and my hunch would be that RealClimate has the funding and the paranoia to plug such holes faster than most. But all that’s conjecture – as you can see I have nothing like an inside track in this area.

What’s more interesting to me is how our minds tend to go down well-worn tracks. Start by thinking that Climategate is the result of super-smart hackers and such obscure loopholes in WordPress (obscure to me, for one, who’s never tried to set WP up and to administrate it – note you’re the technical one in this space and I’m the neophyte) become highly relevant. Think UEA inside job and a password in an email is the obvious springboard for the attempt to take over RC on 17 Nov.

What’s been very helpful on this thread is to have various of my own assumptions challenged. I’m less clear than ever who did what and why – but I still love the result.

I don’t remember which email it was, but there is one where the writer put his user name and password in the email so the recipient could access some data. I’m more inclined to believe that someone at CRU left a password lying around. I believe Keith Briffa has access to RC as a contributing editor.

Re: Richard Drake (Jan 13 07:58),
Richard:
Like you I have a design, technical, math and programming background — so I can acept your premise and conclusion easily. If you are saying that physical access of insider is the best explanation — I concur. A good root kit can do wonders, but physical access is better. When people have lost passwords, or a system won’t boot I routinely mount drives in another system (Linux or Windows) and pull of email files (hidden sometimes) and all the data files –as a courtesy aid to them. It’s quite straightforward. Even if the hard drive has a partial failure this works.

Give a day or two to prep for an opportunity (writing parsing programs), then wait for the physical opportunity etc… I suspect that even under pressure I could have copied the files then created a program to obfuscate the email source and had it done in a weekend.

Remote access slows down the process and requires good system control of the target workstations or server.I’m with you on this one, and could have done the work myself given a trusted position (or not even that trusted). This does not look like a script kiddy — not in the least.

Professionally — I would never do what I am describing — except maybe this once.

As for the RC hack — I suspect that I would have found a password given access to CRU.

So my sense is physical access is not necessary but made it 95% faster and gave 100% ability to do what was done.

We’re all technical people nowadays and I’m no whizz on Internet security. But my feel for the balance of probabilities is similar, and for more than the reasons given here. Most crimes are opportunistic, the police always tell us in London. Who was most likely to spot such opportunity (without of course wishing them to be viewed as criminals in the end)? Who on earth would have started to attack the CRU systems from outside thinking it was likely that something like this would result? What would they think were the chances and at what expense? I also find it very difficult to conceive of a single FOI request that FOI2009.zip was collated to meet – or the circumstances in which it was painstakingly collated, only for those ordering the work to change their mind (as I’ve heard posited fairly frequently). The simplest hypothesis is that one person – perhaps at most a team of two – on the inside decided to spend the time and opportunity only they had to lift the lid on the ‘climate consensus’ in a way the whole world would notice, because they knew they had a real chance of succeeding.

I also find it very difficult to conceive of a single FOI request that FOI2009.zip was collated to meet – or the circumstances in which it was painstakingly collated, only for those ordering the work to change their mind (as I’ve heard posited fairly frequently).

I too have a problem with the single FOI request. I think it more likely that there were multiple FOI folders all stored in the same location. It is also possible that some of the files were pulled off shared drives within the CRU that everybody had access to.

I’m a lawyer who is sometimes involved in litigation. It would not be unusual for me to request a client to assemble a set of all potentially relevant documents so that I could later review them to determine what is privileged, what might be useful to me, what might have to be disclosed, and what I consider damaging that I can legitimately avoid disclosing.

That said, there certainly may have been more than one FOI request in process, with the whistleblower doing some picking and choosing.

The email server is not limited to storing in one format. Text format, for the purposes of searching and satisfying FOI requests, seems to make the most sense. Wouldn’t need to copy the whole directory. Just do a search and copy what comes up. Do a search for an email address and everything sent or received by that person is at your finger tips. The time stamp is nice since it insures everything lists in chronological order.

CRU had a history of unsecured FTP sites and other security issues–a university research site does not do high level security. They are more worried about virus and spam. My view is that the folder was in fact compiled with respect to FOI requests, but that they did not secure it well. They will not find anyone to prosecute (prediction).

I agree, Craig, that it was a file compiled for the FOIA request – a file to be deleted if the request was ever granted. Too much of the stuff is image destroying for it to have been prepared to give to someone like Steve, Jeff or Anthony.

the archiving program called ZIP is not common in europe and not preferred by anybody who regularly transmits files or archives data.
RAR is the archiver of choice for almost everybody except Americans.
(RAR stands for Russian ARchiver and it’s preferred because it will create volumes in any size and can add recovery record or PAR files so it’s possible to repair a corrupt file- not to mention it compresses better.)
The only possible reasons for a sophisticated person to use zip is if the server filters rar files (or if one wishes to deliberately plant that seed of American identity).
But there was also no need to put this file on a Russian server when there are lots of free file hosts that – in Europe the obvious choice is rapidshare.de.
Also, they were not delivered to wikileaks, which would have been a natural choice as well.
These things indicate the focus of the exercise was really quite personal.

The host OS was MS-DOS. More than likely a Windows machine. UEA runs on a Unix platform.

All 4500+ files have the same embedded archive creation date/time. Midnight on Jan. 1st., 2009. Doesn’t seem plausible that a UEA/FOI employee was sitting in his/her office on New Year’s eve and created FOIA.zip by hitting the enter key precisely at the stroke of midnight. More than likely, the archive creation date was modified by the leaker when the files were zipped.

The central directory name, FOIA/ which appears to be an artifact. All 4500+ files contained in FOI2009.zip came from the same FOIA/ parent directory.

IMO, these three items would indicate that the files were compiled over time, and were washed at least twice. It kind of points away from a complete FOIA zipfile haphazardly left on a CRU FTP server.

Not all. Many in the “documents” folder retain their creation dates. One in particular “EURO4M_DoW_v2.doc (by Albert Klein Tank)” was created on November 11, 2009 at 09:23:36 – shortly before the FOIA release. Perhaps the whistle blower/hacker did not have time to scrub the metadata from all the files.

The FOIA/documents/ folder creation date is 1/1/2009 at midnight. It wouldn’t be necessary to scrub the last modified date/time of each file in that folder since it would only lead back to the originator of the file, not the leaker.

When I dump the detailed properties of FOI2009.zip using WinZIP 8.1 it indicates most of the files were zipped using a Unix version of ZIP. The main FOIA directory has permissions making it readable by anyone on the system. Only some of the later files didn’t indicate they were zipped on Unix. They could have been added to the nix zip file later from a DOS system.

When you dump the file using Winzip it first lists the directories and local files w/ header attributes, then lists it a second time with the checksum test results. Line 3 (version made by:) is dropped during the test run. The second half of the dump will appear to be Unix-less.

Re: tty (Jan 14 03:02), I too find the statement about zip files being rare in Europe very strange. Working in the UK I see zip files regularly (several times a week) and rar files very rarely (once a year or less).

I think it was established that those emails came from the archive of the email server, which only requires access (by an IT admin or worker) to grep everything in a minute.

Apart from the email archive, the other files may possibly be a separate collection ‘value added’ to that from one or more personal archives of materials obtained from public access FTP.
If there is anything ‘never.before.seen’ among the other files, I’ve not heard it remarked.

Steve: someone suggested that many of the documents were attachments. Dunno whether this is true.

In the few cases I’ve been involved in in which someone dumped FOI-requested materials, they didn’t say beforehand that they would. No a priori confessions.

In those cases I’ve been involved in where information was not turned over as it should have been for whatever reason, the perpetrators left no trail at all. People who are really desperate to keep something secret generally are desperate to keep it secret all along, and they don’t talk about it lest the talk should raise suspicion. When the data are deleted or destroyed in those cases, they don’t preserve copies anywhere.

I think, in court, Jones’s statement would stand to indicate he did NOT intend to delete files, and probably didn’t. Not that I expect this to get to court on that issue (it’s more likely to get to court on the issue of stealing the e-mails).

Actually, my feeling that it may be a hacker is not so much from the fact that they managed to gain access in the first place (take British “script kiddie” Gary McKinnon, who had no particular skills). It comes from the (so far) relatively untraceable file drops and postings drawing attention to them. The average computer user couldn’t pull that one off.

I don’t have any more special info than anyone else, however everyone seems to be starting from the assumption that it’s an inside job. Well, there are certainly elements which suggest this was the case. All I’m saying is that there are elements which suggest it could have been an outside hack. I don’t think the inside job case has been even close to proven.

I find the roles of Gavin Schmidt to be especially perplexing and questionable.

He is a US government employee.
He co-sponsors a propaganda blog with Dr. Mann.
In general, he seems to work hard and communicate a lot, so he is really at the epicenter of public relations and spin.
He was quick off the mark to control the zip file to Real Climate.
And then he writes what seem like threatening emails to private citizen bloggers, though he surely knows the emails are indeed valid, since he appears in many.

Gavin seems an arch part of the conspiracy.
And he is presumably a paid government employee.

Why is a United States government employee spending so much time on what I assume is a non-governmental, unofficial website (Real Climate)? And communicating threats to members of the public (bloggers)? How is this appropriate behavior?

I recall when NASA managers blew up not one, but two, space shuttles. The first time, those in charge of launch, did not understand that cold shrinks rubber O-rings that served to protect the shuttle from leaking flames associated from the launch rocket. In effect, they could not understand the importance of cold.

The second fiasco involved loss of ceramic tiles that protect the shuttle from the extraordinary heat stress of re-entry to the earth’s atmosphere. In effect, NASA at a senior management level also did not understand the importance of heat.

So why should citizens have confidence in NASA employees about Global Warming? Especially when they dedicate prodigious time to trying to spin or threaten the public, via unofficial, unauthorized, non-governmental channels?

In the first failure, political considerations (keeping up the launch schedule) overrode the engineers concern over the cold weather. In the second failure the managers couldn’t understand how a light piece of foam could cause the damage, until an engineer rigged up a foam gun and fired some at high speed at a wing to prove the damage. Seems that NASA management doesn’t have much respect for science and engineers.

I also don’t like the way NASA lied about the first failure, saying to the media the astronauts were instantly killed in the explosion and didn’t suffer. Several had hooked up their oxygen tanks and the recovered tanks were drawn down. I think they did it simply to try to avoid lawsuits.

An interesting FOI to NASA would be to request all posts and comments made to RC from NASA networks. Gavin can claim that he is making posts to RC on ‘his own time’, but if he is using the NASA network, then all that stuff is FOI-able. There’s an exclusion for personal communication. But RC is a business and Gavin can’t hide behind the personal communications exemption.

“Valid” e-mails does not mean “legal to steal.” “Valid” does not mean “public.”

And if he’s as savvy as you say, then surely he knows how off-hand, private discussions can appear much different in print, in public — and he may well be simply concerned to keep the damage down.

Assume for a moment that these guys are all Eagle Scouts, and that they did nothing wrong. The e-mails indicate clearly that they were bothered by politically-motivated opponents, and scientists who went along with the opponents on grounds they considered less than scientific. Especially in that case, the release of the e-mails is damaging — it gives denialists something to talk about that sounds bad, even if it is not.

I see no criminal activity. I haven’t found unethical activity. So far as I can tell, the ice is still melting, and the planet is still warming. Can’t some body tell the glaciers and atmosphere that it’s all a hoax?

Can’t some body tell the glaciers and atmosphere that it’s all a hoax?

Ed, you represent a too common sort of newcomer. 1) You haven’t read the gigantic number of posts and comments on this site. 2) you’ve been told things, like “glaciers melting are proof of anthropic global warming” and accepted them without due diligence. 3) You think 1 and 2 make you qualified to come here, and post on any random thread that those here must be wrong. Now you certainly have the right to do so (at least until Steve Mc comes along and snips you for being off topic) but you don’t get points from the old hands here for doing so. #1 means we can’t be too mean, but that it would take a lot of effort to get you up to speed. #2 means that ignoring you, which was my first inclination, will make you feel we’re just too boneheaded to take on your brilliance. So just what do you expect us to do? What I’m going to do is give you a few statements that come to mind and then let it go at that unless you show some willingness to learn.

Ed, you represent a too common sort of newcomer. 1) You haven’t read the gigantic number of posts and comments on this site.

You haven’t read any of the posts on my site. You’re still welcome to post. If one had to read everything written before ever giving comment, we’d all have to remain silent. Not only have newcomers not read all the posts, very few others have, either. Other than trying to find an obtuse way of saying “shut up,” did you have a valid point?

2) you’ve been told things, like “glaciers melting are proof of anthropic global warming” and accepted them without due diligence.

You haven’t got a clue how many glaciers I’ve visited, nor when, nor where. Arguments ad ignorantium can be charming in their naivete, though. Evidence tends to blow them out of the water.

And your evidence that no glacier melt is caused by global warming is where? Another argument from ignorance? I hope not.

3) You think 1 and 2 make you qualified to come here, and post on any random thread that those here must be wrong. Now you certainly have the right to do so (at least until Steve Mc comes along and snips you for being off topic) but you don’t get points from the old hands here for doing so.

It is my long experience that those who will not listen to newcomers because they are newcomers will not listen to anyone with a contrary view — and so their own views tend to lose validity, too. Scientific arguments are a lot like gene pools. Good ones benefit mightily from new input.

Should I be arrogant enough to assume you have as little experience as you think I have in the traces of science, would I be correct?

#1 means we can’t be too mean, but that it would take a lot of effort to get you up to speed.

Or not up to speed, but steeped in the local mythology (I subscribe to the Griffin school of myth criticism, by the way).

A good way to never make converts is to close your doors and talk only to the congregation that was here last week. You can preach to the choir all you want, but that tends to hurt the budget, if you know what I mean.

#2 means that ignoring you, which was my first inclination, will make you feel we’re just too boneheaded to take on your brilliance.

So you decided to post rudely, just to make it clear that it’s not just a feeling?

I like the cowboy poets. One of their aphorisms is, “It’s better to keep your mouth closed and be thought a fool, than to open it and remove all doubt.”

You think I’m brilliant? Another audience hornswoggled! If I can fool you so easily, you’re just fresh meat to the Exxon propaganda crew.

Or you could be polite, and provide some answers. Rather than your assuming everyone else is more idiot than you are, without any great evidence, you might try being polite to a newcomer and direct me to correct sources of information if I make an error.

If you know of any.

So just what do you expect us to do? What I’m going to do is give you a few statements that come to mind and then let it go at that unless you show some willingness to learn.

Being a non person my request would bare no weight, But Steve, all, would now not be the time to make a joint ‘Freedom of Information request’ to CRU, the Norfolk Constabulary, the Minister, and perhaps even his Highness Gordon Brown ? Results might be an impossibility, but I am sure that the answers would make excellent reading, a few thousand signatures from WUWT, CA, Bishop Hill, Lucia, etc etc, would at least let the ‘Constabulary’ and UEA know that this trillion dollar scam is not disappearing

I think CRU being taken down for a security upgrade is a significant part of all this for two reasons:

1) It shows they found security problems with their systems that were severe enough that the systems were taken down while the problems were being fixed. this supports the “gaping security hole” angle.

2)Unless the security changes were well documented, it becomes more difficult to uncover the plausible explanations of what was done and how it was done.

According to its website (Google cache), the CRU server was down for some time. Password changes are relatively quick. Permissions can take a few days, depending on the systems complexity. My guess is that this was a software upgrade or a physical / network structure change to the system(adding a good firewall box, for instance). It’s really tough to say.

From a brief check, it looks like their Unix boxes output gzip files and tar files, and the PCs appear to be windows based putting out zip files. Anonymous ftp seemed to be frequently used on some systems, so passwords may or may not have been safe (really old unix OS didn’t hide the encrypted passwords in the password file – this was fixed in the mid 90s, as I recall).

Unix systems have _always_ encrypted the passwords. Initially, they were stored in the second field of /etc/passwd. However, since that file must be readable by all users for the system map UID to usernames and vice versa, the password field was eventually moved to a file readable only by the superuser (uid == 0, aka root) /etc/shadow. This was to prevent password cracking programs access to the ciphertext (the login programs have built-in delays to make exhaustive password testing unpractical).

The strength of the encryption al-gore-ithms has changed over the years, starting with a relatively simplistic salted trapdoor algorithm to more modern systems using MD5/SHA-1/SHA-256 cryptographic hashes.

If the unix systems predated shadow files, then a very simple program can very easily crack all the passwords using modern hardware in a fairly short time.

Agreed they were always encrypted (I didn’t mean to give the impression they weren’t) – shadowing was added in the mid 90s as I recall (at least on HPUX and SunOS). On an old system, ftp the /etc/passwd file and crack away. Today, that’s all script kiddie level.

CRU has been around long enough that they may have some legacy systems they never upgraded the OS on. Old Unix systems also had an option for the password to lapse, resulting in an open account. My guess is that for user convenience, CRU users are allowed to have the same login name and password on multiple systems. Get into one system, and it could be possible to chain through the rest of them.

Even a shadow file is of no help if the Unix/Linux system uses NIS for account management. But there are myriad ways to get the passwords. Many protocols use open text to log in: telnet, ftp, imap, pop, webmail. And thanks to lazy Unix admins, the user name is frequently the same as the LHS of the email address (the left hand side of the @).

Finally – the emails really should no longer be considered emails for the purpose of mail hacking. They were simply files stored on a server or servers somewhere. Once they are at the end point they are no different than any text file. Except perhaps more discoverable. Unix/Linux systems generally store mail in a user’s home directory in a directory cryptically named “mail”. It is a trivial thing to crawl the mail directory in a peer user’s home directory.

Last point on the Unix/Linux connection – many times home directories are not on the server where the account exists. For convenience it is common to put all user accounts on a central server and automount the user’s home directory to the specific system they are connecting to. And since their mail is cleverly hidden in a directory called “mail” in their home directory, it is really only as secure as that home directory server is. That is Unix in a nutshell – boring, I’m sure, but perhaps helpful to know.

Re: harold (Jan 13 09:16),
[What I’m about to say is for background info. There’s no proof that access to the email server was needed at all…]
Given access to the server, it’s scary-easy for a knowledgable person to decrypt the passwords. Today’s open-source cracking technology takes advantage of big disks and fast CPU’s to pre-calculate all possible password values. A simple lookup provides the password immmediately.
I don’t want to distract from the main topic, so won’t provide more detail here. It’s not needed to understand the key issue:

Undetected hacking is always a possibility. Insider access is almost always simpler than hacking.

They were running “Scientific Linux” from April to October 2009. I wonder if there were some problems with this version and that’s how they got hacked. They even went backwards on Apache versions in November 2009. The current setup seems more secure as it only reports Linux and “www” for the specifics.

If they suspected a hack and wanted to investigate it properly especially in a way to have what they find be evidence to be used in court, they would have had computer forensics people and witnesses take the server offline to make a number of copies of the hard drives which would have to be signed off and some sealed.

After that they would probably start a quick investigation first to figure out the big security holes and close them before bringing the server back online.

Perhaps they could have done both parts under the banner of a ‘security upgrade’ or they could have done the latter. If they’ve done the latter then whatever they find on the servers, if they can’t verify it with information from other sources it won’t hold up in court.

The only thing we know was taken down was the web server. The web server would typically be isolated from the internal network in what is called the DMZ. The biggest security hole in any system is not the technology, it is the users. We know from history that the users were less then cautious with what they put on the web server. Remember the mole? The “gaping security hole” may, in this case, be the users. It seems more likely to me that the server was taken off line so that any other potentially sensitive documents exposed to the world wouldn’t leak out and to give them time to audit what files were on the web server.

As a person familiar with computers I have often posted links to files in order to share them with someone because the associated files are too large to email. I simply place the link on a web page that no one would ever think of going to and email the page link to the person who needed the file. In doing this I often made mistakes – like forgetting to delete the link or placing the link on a page that can be googled and was, therefore, not as hidden as I thought.

If the emails showed up on a web page it may have been intentional by someone at E Anglia. Just a thought.

Somewhere there was an email where Jones talked about this very thing. I can’t put my finger on it right now. This seems to have been a common practice at CRU: publish a document to a ‘hidden’ link with no password. It surprises me how technicly challenged the CRU are.

I’ve adopted an editorial policy against any further discussion of Paul Hudson as a total red herring. If some evidence emerges elsewhere to change my mind, I’ll cover it, but until then please discuss this elsewhere if you are so inclined and I would urge you not to bother.

If accounting was turned off on the system(s), there is much less of a footprint left. Alternatively, the person may have used someone else’s ID – root and admin passwords are frequently shared within a workgroup. Maybe there was an open Guest account, who knows?

I’m only saying I think the tracks that would be easy to find would be internal to CRU / east anglia. That they seemed initially to have no clue how/who did it indicates to me that they are now either looking for erased file clues on the disks or looking to get relevant IP address info off of some of the websites or both.

In any event, once the police became involved, they should have taken the disks in question as evidence, so that by itsself would require rebuilding the server once a new disk is installed. I don’t recall the timing of when the server was taken off line vs when the announcement was made that the police were involved. Really, this can be speculated on all day and nothing resolved – insufficient information.

There is no doubt in my mind that there are some – they’re dealing with zip files on some PCs, so they have the software. Probably not significant, but UEA’s IT policy is that PCs are not to be used for storing files (I took it to mean in an archive sense). Win95 and up (not Vista) are IT supported OSs. I thought security updates for win95 and 98 stopped some time ago.

Dave McK was trying to figure out if it was plausible the zip file was produced outside of the US. His experience seems to be that Europeans don’t use zip very frequently, but frequently used by US – an attempt to narrow down the possible / plausible scenarios. I agree, I don’t see narrowing focus as desirable, either. I think due to lack of hard information, the whole discussion will remain speculative / evaluative until something more breaks (if ever).

Re: Bernie (Jan 13 08:59), if it were an outside attack by someone truly qualified, there would not be enough evidence to find out who did it. Of course, it could be someone less-than-qualified who left tracks.

NASA blogger Gavin Schmidt – and frequent CRU correspondent – gave the first Team response at about 12.50 pm Eastern on November 20 here . Blogger Schmidt now conceals the posting time of his posts; however comments start arrive at about 12.55 pm Eastern and arrive quickly, leaving little doubt of the posting time. It’s well worth re-reading. As are the original statements from UEA over the next few days, especially here.

As I said above I am still amazed at what Gavin Schmidt was able to do as a United States government employee….I know of NO industry that gives it’s employee’s such freedom unless that industry feels the employee’s activities are in it’s own best interest

I was struck then and again now upon re-reading what Gavin wrote – how well written, moreorless complete and carefully worded Gavin’s post was. He certainly provides no basis for questioning the authenticity of the emails and also carefully avoids the core issues, viz., FOI and journal article review manipulation. I thought at the time it read like a PR-developed damage control piece – admit the obvious, obscure the most damaging and blame the victims. The other thing that just occurred to me is that it also reads like a lawyer’s assessment of a worst case scenario if the documents were in fact released in compliance with one or more FOI requests.

It’s a standard letter threatening with a warning “lawyers will be all over you if you do this or that”. And yes, it’s obvious that Schmidt warned CRU about the leak as he was the first who saw them on his blog.

Mosh commented that the retrospective timeline doesn’t fully do justice to the uncertainty on late November 17 when no one knew that Gavin had already seen the emails or that links were on other blogs. Quite so. Lucia wryly points out more directly Gavin’s critical role in confirming the probable authenticity of the emails (a role latent in the above timeline). It was Gavin’s notice to CRU of the existence of the dossier that caused CRU to harden their security (and thus provide confirm the probably authenticity of the dossier). Thus, Gavin, in addition, to being his own Mystery Man, would be the deepthroat’s deepthroat. As Lucia says, “The irony!”

Steve – one of the intriguing observations I make from the timeline is the lag between the posting on RC, and the links at tAV and Climate Skeptic pointing to the Russian server. Seems that “Deepthroat” decided that posting the dossier directly to blogs wasn’t such a good idea, and instead spent some time setting up the ftp server.

I’m also curious about the choice of the blogs. Anyone who follows this stuff has heard of RC and WUWT, but (no offense to Jeff and Warren) you have to be pretty immersed in this to know about the other two.

I wouldn’t rule out the possibility that someone familiar with the skeptic community was able to download the dossier from RC and then later upload it to the Russian FTP site.

Good point: the post to the Russian server may not have been by the original mole. Hadn’t considered that. But then my ignorance is almost total, as I realise the more I read this thread. What matters is what was inside the zip file and what it revealed, as Steve Mosher says. But fun trying.

According to Steve McIntyre above the next references to the Russian server, on tAV for example, were just before 23:00 EST 17 Nov 09.

Do you agree on those timings? Once I’d read Charles’ account I was assuming that the poster to WUWT, and thus the uploader to http://ftp.tomcity.ru some time before that, and the person who ‘broke in’ to RC no more than three hours before, had to be the same. They later expressed concern on WUWT (and thus to Charles, who was still on duty) that nothing seemed to be happening as a result. Surely this has to be the same person throughout (or at most the same group of people, all still unknown)?

Thanks for getting me to be more precise.

Steve: I think that CTM means 6.25 pm. PST) 9.25 pm Eastern, which would be an hour before the links at JEff Id. I’ll try to verify.

Charles called me at 7:02 PM. I was out with a friend, my phone on vibrate. I returned his call around 7:30PM. I then took a cab cross town and got back home, say around 7:45PM. he was virus scanning when I got home
I think he did a couple rounds or more ( I was chomping at the bit ) The CD time stamps indicates ( on the zips) that he burned the disk for me at 9:36PM he had a call into Mc.
or a mail into mac to have mac call him on our house phone.
( voip so sorry I dont have phone logs )

According to Steve McIntyre above the next references to the Russian server, on tAV for example, were just before 23:00 EST 17 Nov 09.

Do you agree on those timings? Once I’d read Charles’ account I was assuming that the poster to WUWT, and thus the uploader to http://ftp.tomcity.ru some time before that, and the person who ‘broke in’ to RC no more than three hours before, had to be the same. They later expressed concern on WUWT (and thus to Charles, who was still on duty) that nothing seemed to be happening as a result. Surely this has to be the same person throughout (or at most the same group of people, all still unknown)?

The strongest reason for the CRU to take down their system is to block a leeker from poking around and covering their tracks. It takes little to plug the firewall and keep a hacker out. An insider with permissions can still move around and delete track they left leaking the files. This includes how and when the files were aggregated and prepared to be released in a single dump.

The finger points to a whistle-blower and perhaps one with a relatively conservative outlook and naive faith in the BBC (or even, as later, RC as an open forum). I agree with Richard Drake – the whistle-blower needs protection. It is well-known in the UK that there is dissent within UEA’s climate science community – of which CRU is a small part, and that some top level people are fed up with global warming evangelism.

UEA have instigated a high-level inquiry under Sir Russell Muir, a judicial figure with a natural science degree -and there has been talk of him requesting advisors on the science. His remit is to look at the whole affair from the perspective of appropriate and correct science protocols. He is no stooge, and although the eventual spin will be ‘this doesn’t effect the underlying science of global warming’, CRU will not necessarily get a whitewash.

I would say the better analogy for this than Watergate were the Pentagon Papers. Those were also files disseminated to the public domain against the wishes of their original owners. I believe the courts found neither the leaker nor the publishers were guilty of criminal wrongdoing. It’s another case the liberal establishment likes to trumpet so hard for them to argue against since motive in both cases was to expose wrongdoing (or what the leakers felt was wrongdoing) to the light of day.

The most important thing here is to make sure the documents and exchanges don’t get swept under the rug as Schmidt and CRU seem to want to happen. Pressure needs to be kept up on the mainstream media to not only expose the contents of these e-mails and documents but the additional analysis done on the data, documents and e-mail.

Ellsberg was indicted and tried. The charges were dismissed due to investigative and prosecutorial (unwarranted wiretaps and failure to disclose) misconduct. That is in no way equivalent to being found not guilty.

I am a lawyer not a scientist so sometimes these posts are slow going for me. However, even though it takes a while to parse the details, I am very grateful for the information posted on this site. I particularly admire the clarity of the prose and the logical organization of the information within each post. The utility of knowledge is dependent on the ability to communicate it. This blog gets an A+ for clarity of communication.

Hope this further comment is not off topic:

I am pessimistic about how useful the investigations at Penn State and East Anglia will be. Not because of bias or lack of zeal, which is a problem in any internal investigation, but because of competence. A useful investigation will require the investigator to possess (1) a sophisticated knowledge of the climate science issues involved, (2) a similar knowledge of IT systems, (3) a very high level of investigative skill and experience and (4) the capacity to access all the relevant information, which probably includes subpoena power and the ability to take testimony under oath. These four elements are highly unlikely to converge in one individual, and thus will require a team approach and likely expertise from outside the usual university staff.

I see no evidence that the investigations are likely to be conducted in the manner required. Thus I believe the results of the investigations are likely to be inconclusive at best and misleading at worst. This is all without taking into account the issue of bias.

I’ve never blogged on this site before, and only once in all time, so forgive me if I’m out of order.
If all the material was ‘prepared’ for an FOIA, how would that request have been framed? Looking for what information? If such a request were made, the requester would know that the information might be collated (and just might know where!). He/she would be well placed to look/hack/search for such a file.
It would seem otherwise a most serendipitous find.
If there are lists (perhaps publicly available?) of FOIAs that have been made, maybe such a request could be identified.

The team were complaining about the number of FOIA requests they were receiving so how about this scenario:

The FOI officer emails the team as says something along the lines of:

“Hey guys how about you get all the emails/documents you think are relevant to any of the FOI requests and put them in one place.
I’ll then go through them and package everything for, say, an IPCC FOI request and you can look at the package and decide whether to comply or appeal. Then I’ll do the same for Yamal request etc.
This way you dont have to search through your email 10 times for 10 different requests compiling 10 different set of email, just do it the once. I’ll set up a “share” on the department file server called FOIA that only you will have access to.”

Two points I’ve noted. First, most of the material leaked is too sensitive for anyone to willingly release it. The second point is that CTM over on WUWT provides the text of the email that went with the posting:

“We feel that climate science is, in the current
situation, too important to be kept under wraps.

We hereby release a random selection of
correspondence, code, and documents.”

Re the speculations on FOI requests – there weren’t any FOI requests to which the dossier remotely corresponds. IT goes hugely beyond the narrow FOI requests on the table.

HOwever, there had been extensive publicity in the summer about CRU obstructing FOI requests. CRU had provided false answers as excuses for non-compliance: – in particular, that they had confidentiality agreements that specifically prohibited providing station data to “non-academics”. There were no such clauses in any agreements – a point that the university subsequently admitted (leaving aside the issue of whether there are even any valid agreements.)

Not only was their answer untrue but this absurd situation attracted a lot of attention, not just in the blogosphere but even in NAture.

Given both the FOI profile and the embarrassment of giving untrue answers relying on Jones, it would have been entirely reasonable for someone in the administration to prepare an internal dossier of precisely what Jones and so on had been doing. Arguably, the FOI officials at the university would be imprudent not to. That’s not the same as saying this actually happened.

It’s a possible scenario. So is a disgruntled employee passed over for tenure. Maybe it’s a student embarrassed by the antics of the professors. Maybe it’s something mundane like a failed affair. No one knows. Maybe it was someone at NASA.

Maybe a team member with an attack of conscience? Maybe a classic piece of British subterfuge and misdirection …
The total silence from official CRU investigation is puzzling – though the Christmas break probably brought everything to a halt.

I’d be surprised if the authorities ever find out who sent the dossier. Whoever did it knew exactly how to hide his tracks. It was no ordinary leak/hack but a well-planned, we-organised release of pertinent documents and data. Every piece is on the mark and controversial. Almost like he was compiling it in case he needed it.

It certainly could be a red herring, but if the content of actual FOI requests is in fact discoverable (maybe in public domain somewhere?) then it might be a pointer to what went on behind the scenes and give leads to the sequence. If not discoverable, the idea leads nowhere.
I rather like the scenario from TerryS, though it seems too easy and convenient.
Anyway, as WillR pertinently asks ‘ what do you if you surmise the origin ?’ Still it is interesting!

The request was for “list of FOI requests that have been made to UEA
relating to the Climate Research Unit, including the content of the
request, and its status (answered, turned down, pending, etc),
going back to the commencement of FOI.”

I’ll go through the possibilities of what may have happened one at a time and offer my completely unsupported conspiracy theory at the end.

1. It was an external hacker. Highly unlikely. The hack was so targeted, it is hard to believe that the hacker would not know there was incriminating material to be found in advance of the hack. An outside hacker would have need to be able to hack into the CRU system once, find emails, code and documents, delete non-pertinent emails and upload it between Nov. 12 (date of the last email) and Nov. 17 (date of first upload). Or the hacker would have had to hack into the same system multiple times over the course of months and not get caught. The only possibility that seems plausible is that the hacker was a former employee.

2. It was a leak of an “internal dossier” compiled by UEA (Steve’s thought). The hack breached the CRU system, according to news reports. If UEA produced the document from a larger set of CRU emails and documents, why would the dossier be stored on the CRU servers? If UEA requested a subset of information from CRU pertaining to the pending FOI requests, why would CRU include so much more than that and include recent, incriminating emails? Unlikely.

3. A CRU employee was storing emails, code and documents over time. There is no one person that is common to all the emails. It had to be a hack into the email system. The hacker would have to know the context of emails going back at least 10 years. Plausible, but this would take a lot of time and multiple breaches of the email system.

4. My outlandish, unsupported theory: CRU staff made a collective decision to delete emails that were related to FOI requests or otherwise incriminating. Since deleted emails are not permanently erased, a CRU staff member grabs all deleted emails from the point the group decision was made until Nov. 12. Here is why this might be true:
*It explains how a single dossier could include relevant but obscure emails going back over 10 years and incriminating emails from as late as Oct./Nov. 2009.
*It allows for the short span of time between the last email on Nov. 12 and the Nov. 17 release.
*It is plausible given Jones’ statements on his deleting of emails, his urging others to delete emails, and his resolve to delete data rather than make it public.
This scenario is so crazy I don’t believe it myself, but nothing would shock me anymore.

Your number 4 does not work due to the structure of station (user) email files and due to the structure of server email files. …as I understand them. And I have been know to modify a file to recover it ..or whatever.

Steve, “Given both the FOI profile and the embarrassment of giving untrue answers relying on Jones, it would have been entirely reasonable for someone in the administration to prepare an internal dossier of precisely what Jones and so on had been doing.”

Opening the possibility that the leaker is someone in the administration or law offices of UEA. Someone perhaps shocked by the contents of what had been assembled and impelled by conscience to make it widely known.

Steve: Under this scenario – and it’s just a scenario, not more than that, CTM’s idea was that the file was left on the server and discovered by a third party. The compiler of the dossier and the exporter of the dossier are not necessarily the same person, though they may be. It’s all speculation.

I remain convinced that file was created inside CRU, one way or another. Any other explanation strikes me as not impossible, but at least a very low-order probability.

Now, whether it was created “officially” and then got loose against their will, or entirely unofficially, I have no opinion on.

I just find it highly unlikely that the right combination of skill sets both climatology history and computer, combined with the mindset to do the deed, would exist outside CRU. Because either they’d have to do a much more massive hack of data and then boil it down afterwards, or they’d have to spend a great deal of time inside CRUs system doing the picking and choosing.

As I’ve mentioned before, the timeline seems connected to the FOI process rather than Copenhagen. The last date in the dossier is Nov 12; my FOI appeal was denied in a letter dated Nov 13 and emailed to me a few days later. The manifesto is entitled FOIA and the file is named FOIA. My FOI was considered on Nov 13 not because of Copenhagen but because I appealed in early August. I appealed in early August not because of the prospect of Copenhagen, but because the initial request was denied in July. It was considered in July because I requested it in the spring. I requested it in the spring because I’d noticed the Met Office webpage in the spring.

In addition to the article in Nature, there was an article in the UEA student newspaper about the FOI obstruction at CRU.

I agree, Steve. Warmers wanted to tie the leak of the dossier to Copenhagen because it allowed them to indulge in conspiracy theories about skeptics and portray them as some dark and nefarious closely-knit group of industry insiders plotting the downfall of pure science.

Copenhagen turned out to be an exercise in futility. Saying the release of the dossier was timed to coincide with Copenhagen allows warmers to imply that Copenhagen was more than what it actually was, i.e. a junket for warmist illuminati that accomplished nothing.

I predict it will be established in the future that this had everything to do with FOIA requests.

The dossier was not put together to comply with any FOI request from any known
player on this side, its too large, too non-specific. It looks like it was put together specifically to show bad behaviour from CRU and its associates….from someone on the inside.

Minus any further evidence, the FOI file was being cumulatively collected for ?? who knows what purpose ?? (perhaps for deletion if an FOI request succeeded at some point, thus cleansing the email records)

It was opportunistically dumped into the public arena about a week or so before Copenhagen to maximise damage (personally, I think this time span was cut too fine, no real time for examination and public circulation of the sordidness). Hence the accumulation of emails ceased then

The “manifesto” mentions FOI and doesn’t mention Copenhagen. That the emails go to Nov 12 and the FOI decision was on Nov 13. If the dossier was compiled by an administrator in connection with the FOI decision, then no more explanation is needed. ONe hypothesis was that the compiler of the dossier and the exporter were different people – someone found the dossier on an unsecure UEA server.

seems to me some IT person within CRU was designated to (or decided to) “cleanse” the email record systematically of any reference to FOI avoidance and associated chatter (likely without Jones/Briffa et al’s knowledge, since no one remembers all their emails over 10 years) and just stored the scattergun scrapes for review

The actual public dump process was very clever in an IT sense (no scientist I’ve ever met & I’ve met a lot of very clever ones, especially in this age cohort, has any idea how to do that and not be easily caught). Consequent to this, I think an IT person (not at all necessarily the same one) opportunistically dumped the scrapes into the public arena coincident with Copenhagen for maximum sensation but cut the time span too fine

I think you may be overestimating the skill level and rarity of knowledge involved. From discussions with non-hacker university students, it seems to be fairly common knowledge that using at least 2 anonymous proxy servers covers your tracks completely (each in a different country, and Russia is a popular one). This comes up all the time when people post illegal copies of DVDs, for instance.

If you think it is related to that FOI, for which the appeal was denied on Nov 13th, then which FOI was that, if may ask?

Steve: For the station data. And as I’ve said a dozen times, there were no FOI requests to which the dossier (if it were prepared by an administrative person) were responding to. A competent administrator who’d been hung to dry by Jones and CRU by attaching his name to false statements (as had occurred in the summer) might reasonably want a dossier on CRU to see what potential problems he was dealing with. CRU’s claim that there were “non-academic” clauses in its confidentiality agreements was totally fabricated. No responsible administrator would want such a thing to happen to him again.

Steve, “there was an article in the UEA student newspaper about the FOI obstruction at CRU.”

Now there is an appeal to conscience. I can’t think of a more highly idealistic group than university undergraduates. The article appears in the newspaper. Certain undergraduates get upset at the lack of openness and fairness at the UEA CRU. They decide to make fairness happen by hook or by crook, and give CRU a proper poke in the eye.

I can’t think of a group more willing, more able, more enthusiastic, more dedicated, more conscience-motivated, not to say more engaged in oneupmanship trickery with a lovely hilarity, than a crew of modern university undergraduates. Especially British undergraduates.

So, they do it, have a great laugh, and keep silent watching the ensuing external merriment and the ants swarming from the nest.

Steve: And uploading the dossier to realclimate has a prank feel to it – like parking a car on a high school roof.

Yup. That’s exactly what I think. Hacking RC for the release is like parking a car on the school roof. I don’t know anyone over 30 who would risk their own butts with that kind of stunt. We’ve all been taught life’s lessons by then.

You might be mad enough to simply drop the emails on an anonymous server and send a link saying what they are, but I bet most of us wouldn’t mess around with them. Hell I removed the link the instant I knew what it was. — Brave? Nope! Stupid? Nope.

We kinda knew brother Knepper was going to be a star long long ago. He just had this presence. My Senior year I spent a fair amount of time with him, crashing at his off campus pad. he introduced me to Tom Waits’ music. After graduation we both hit LA, I saw him a couple times as he found bit parts here and there ( wild thing, a blake edwards film). Lost touch with him since then, only seeing him on screen, law and order, star trek, then prison break. A cool guy, very down to earth.

Copenhagen may not have been a direct cause for the leak, but it could well have provided indirect motivation.
The Copenhagen summit, with President Obama an avid supporter for reducing emissions, was looming. To many people, the summit looked like it could be a big deal. This could have concerned the leaker or hacker to do what he/she could do. The leak or hack taking place on the eve of Copenhagen seems more than a little coincidental.

Steve: The FOI timeline had nothing to do with Copenhagen – whether it seems coincidental to you or not. I made a request in May – with response times and appeals, it took until the eve of Copenhagen. Had UEA simply provided the data, then the appeal would not have taken until the eve of Copenhagen. We don’t know who the source was. He made no mention of Copenhagen in his statement. Nor did Realclimate connect it to Copenhagen in their original response on Nov 20 (and they’d had the emails for several days). It may or may not be connected. All I’m saying is that it’s not a given that it is. Right now we don’t know.

The best motive, after all, would be a concern for science and the scientific method. Well, love for humanity might trump even that but you know what I mean. I’m inclining more to the FOI explanation of the timing. Roots and shoots. Better not to get them confused.

The whistleblowing packager of the emails and files, based on their nuanced use of search terms, was sophisticated enough and sufficiently knowledgeable of the issues and backstory to know that policy-level climate talks are a runaway train where new facts can have no impact on the discussion. They would know that the next opportunity for facts to matter would be during the fifth assessment, NOT Copenhagen.

There’s a lot of truth in what you say, I believe. But I think it’s worth distinguishing opportunity, motive and impact. I’m happy to agree with you (and Steve) on opportunity and motive. Where I’d quibble with you a little is

They would know that the next opportunity for facts to matter would be during the fifth assessment, NOT Copenhagen.

I’m not sure the whistleblower or any of us would know that. That’s the thing about the truth. It has unexpected consequences. That’s what makes the universe such fun!

FOIA.zip implied to me that I might be safe in inspecting further. It could be a ‘trojan’ but I decided to ‘look inside’. A well named zip file given the circumstances.

The ‘cover letter’ listing specific quotes was well crafted. I knew when I read it what I could expect ‘further inside’. It was quite a teaser and I interpret that to be: For Immediate Release. They were trying to get the attention of someone who knew what the quotes meant…They were good quotes.

The fact that Mosher posted some samples early on is important. During this early time frame the ‘uploader’ is waiting for confirmation. One can see from the links, etc., sent that they knew to watch those blogs. Once a few came out, someone(s) got the signal “Message Received”.

There is a ‘time lag’ between what happened at realclimate and when Lucia received the email from Gavin. There was time to examine the content. There was time to reach a consensus on a response. Mosh lost some sleep. I bet others did too.

Yeah, in a just world you should get to choose the title of the film of the book of the zip file. (Mr Jones’ Diary is my favourite; the picture of the very large underwear associated with it somehow grabs me.) We wish you all the best.

Most of what you fellows are saying seems awfully complicated to me, a simple soul. In addition I have no idea how firewalls are plugged or unplugged, file systems are organized and other esoteria. But I believe hat this release was timed to be just before Copenhagen. It was done by somebody who objects to political agenda driven science as well as believing that the science is humbug. The person worked on this project for some time, inspite of you fellows who could do this in short order. To read a 1000 or so emails takes time and he is a careful and thoughtful sort. If there is some more to come I can’t wait.

Your beliefs are immaterial. What’s your evidence? The file was released the day after McIntyre’s FOIA request was denied. Copenhagen was still some two weeks to come. Based on pure probability theory, which of hte two coincidences is less likely? The one timed bang-bang.

for the record, I’m totally innocent in all this since on 17th Nov I was playing Pinnacle Point, on 18th Nov The Links at Fancourt, and on 19th Nov Oubaai, with no internet access available in my buggy, nor in our house … 🙂 … but upon return to internet, I was happyly surprised with their release and absolutely unsurprised with the content …

Well, I don’t suppose anyone reads this far down the comments anyway–I usually don’t–, so here goes: As much as I admire S. McIntyre and value his contribution in creating and maintaining this blog–and, for what it’s worth, I see him as a veritable reincarnation of Richard Feynman in terms of scientific rigor and integrity and brilliance–, for me this post and some others similar to it are “Climate Audit Lite”, which are ultimately not especially satisfying. Where went the actual auditing of climate papers? I long, troglodyte that I am, for those antediluvian days (the days before the flood of Climategate emails) when there was real science being done here, even if I didn’t always fully understand it. It was bracing! It had a magnificence! (I wish I weren’t saying “was” and “had”.) There: I’ve beefed. Throw me to the wolves.

I have an interest in large system modeling and started watching this unfold about three months ago… I was hoping it would stay technical too — I’m really interested in how you can use statistical techniques to to monitor output from large dynamic models (NP problems) and keep them honest.

However, considering the characterizations of Steve that went before it’s probably best to let him have his indulgence. It certainly provides vindication for anything he might have wrote or implied. Just roll with it and see what transpires. Three months ago I had no idea the debate was this …unruly? Whata learning experience…

SC: I think you are trying to impose limitations here. While the primary purpose of the blog is to audit the science, a secondary purpose is to audit the behavior of the scientists we’ve come to know all too well. While all of us knew there were machinations going on, none of us knew the extent. I believe it was Steve Mc who said at the time, “Words fail me.”

Rather than face up to the details and discuss the implications of the revelations in these documents, the Team has gone into hibernation, except for allowing a few interviews with favored media. They’ve “moved on” once again.

I understand that when you’ve read the same emails over and over again, they tend to lose their potency and their shock-value. But the full context of the story needs to be understood and there is no one with more knowledge and a greater ability to do that by putting the pieces together than Steve Mc, Mosh and the other players.

If the world unfolds as it should… …but it rarely does — this is the end of the line for Steve’s type of activity — in climate science. Why would you need someone like Steve or you or any of the other fine people here if scientists are asking for their work to be checked properly? — how boring! 🙂

Likely though the behaviour that caused Steve and you and others to create a community of — “je ne sais quois”… Fact Checkers? Truth Seekers? Technically minded seekers of — why do people diddle their results and answers and hide their raw data? — will continue — and that will cause you to want to continue the search for truth in other areas.

Me for one — I was too wrapped up in my new world (Steves old world) to pay attention — even though the Warming Debate really irritated me for reasons I never could put a finger on… But — I never did anything — and neither did most of the rest of the world.

While your time should be over — I have to ask: “will it be?” I’m cynical — I think not!

I have seen this behaviour before on large projects — I will see it again — of that I am certain. Maybe I learned a lesson — maybe I too will pay attention next time — and then actually do something — instead of just shrugging off a feeling.

Carry on! Finish the battle — mop up! 🙂

Maybe the next battle is to “redefine the meaning of peer review” — maybe you already have! Most people never accomplish anything this significant in all their lives. A very small group accomplished all this.

1. It’s being suggested that FOIA.zip was compiled in response to an FOI request. But the FOI request was refused. And we know that CRU didn’t take kindly to FOI requests. So why would anyone bother to compile FOIA.zip, only to have the effort wasted when the request was refused? Surely it’s more likely that the the FOI request is accepted, and then the FOIA.zip file gets compiled?

2. Also, there seem to be quite a few things – like The Rules of the Game and harry_read_me – in FOIA.zip which would seem to fall outside an FOI request. How can anybody have possibly asked for those?

3. From 1 and 2, I figure that FOIA.zip was not an FOI response. It’s just pretending to be one. FOIA.zip is a misdirectional filename.

4. Why does Source first upload FOIA.zip to RC only to see it deleted a few hours later? Surely Source knew this was likely to happen? So why did Source bother? Again, intentional misdirection. If it had been left there, RC would have been as much damaged as CRU. Had not Gavin Schmidt slammed the door, a lot more than 4 people would have downloaded it from RC.

5. How did Source manage to upload FOIA.zip to RC? The suggestions on this thread are that it was quite easy, by resetting the password, and generating an email with a new password. But Gavin Schmidt doesn’t work at CRU. He works at NASA, which is an entirely separate organisation. Would Source have found the relevant admin password for RC at CRU?

I don’t have an answer to many of these questions, but I’m getting the distinct impression that Source wants people to believe that this was an inside job, and that Source is working right in there alongside Jones and Mann and Trenberth. Source seems to have wanted to sow mutual suspicion in the Hockey Team. Certainly my own immediate sense was that this was an inside job. Now I’m beginning to doubt it.

Did you read the Harry file? Anyone interested in how station data are collated would be fascinated by the Harry account. Sure, no one would ever think to ask for a file of that nature. But if you were an insider seeking to explain how station lists might be impossible to compile or how station data could get mangled … file Harry sorta says it all. It explains why the “simple” questions wIllis was asking turn out to be not so simple after all.

That’s amazing Steve. SOAP. 1.4m euros over three years from March 05 and I’d never even heard of it. All to look at the hockey stick. (And, I think it’s safe to assume, find some obscure ways to rehabilitate it – or at least muddy the waters to the maximum after the Wegman Report.)

First up, mega-thanks to Steve Mc for this blog and everything contained within it. It never fails to surprise and inform. (And shock, indeed. Talk about soft soap. What a caper.)

Second, yes, the whistleblower was responding, as much as they possibly could, to everything that had been dealt with on CA. And this cannot have been a totally automated process. It took a deep understanding of and interest in the science, and the politics, and the controversies surrounding them, going right back to the 90s, but with a special focus on everything touched upon here.

As love notes go, you gotta say it’s different. But at times you can feel that way about it. “Dear Steve, I’m afraid it’s the best I can do. Till next time. WB x”

Only my interpretation, you don’t have to buy the last bit if it makes you feel bad!

And you know what I think tipped the scale? Briffa and Osborn more-or-less agreeing with everything Steve said (and nothing Real Climate said) on Yamal. This signalled to the whistleblower that Climate Audit had been right all along, and that further resistance would be futile. It was time to throw Mann under the bus.

Briffa of course was under considerable pressure from some rather ugly americans. Overpeck, mann. and Jones should have stuck by his man, not mann. lots of pressure, personal etc. In one mail, he gets quite pissed at the harassment about data.

I’ve been thinking that way more generally: a combination. She’s young, he’s old; she’s a prankster, he’s dead serious about the abuse of science; she’s a computer whizz, he can just about log on. It’s not an exact profile … but why not?

If I had to guess it is a single person. The use of the word “we” is a dead giveaway to someone like me. If its a group of people ( even two) you basically dont want to give that fact away. If its one person, you like the false trail of saying it more than one person. Whistleblowing and hacking are solitary activities.

I agree about ‘we’ being most likely to indicate the initiative of a single person. Hadn’t thought about that. But there are multiples lines of evidence. We are in the dark still – and we are extremely grateful still.

I would be very surprised if a mere grad student would ever be so bold. It would be a career-ending move. My guess is someone at the end of their contract, perhaps late in their career, or perhaps no longer interested in dendroclimatology – and so with nothing to lose. Possibly someone who was extremely unhappy with their project and sought revenge through a different outlet.
.
And, uh, male.

OK… But, maybe a postdoc. he goes to CRU, supposedly a career enhancing move, and sees enough to puke. Being interdisciplinary, he decides to go do something else before he wrecks his career; and, being ethical, he can’t feel good unless he lets others know what what made him leave. He can’t do it directly because he will guarantee a wrecked career. He’s pretty bright.

I think you should. But I think you should wait 24 hours, say, to let anyone who may agree with Craig Loehle that it’s not the right way to go to have their say. As I said to Craig I think discovering whodunnit and why they did is squarely in the public interest (as well as the process, however close your guesses and those of others may be, being very fascinating). But I do accept there may be a moral issue and I think that should be aired. And then, if you’re not persuaded otherwise, I think you should go for it.

Richard, a wise comment, “by gumit” 🙂 One could wait a bit longer, even. There could even be a message sent saying ‘Not yet…’ or at least so there’s time to prepare. Or, perhaps the more probable, we’re all wrong and it’s useful because it takes the heat off by spreading the suspicion around. That last part I’m not worried about at all. They all benefited whether they knew it was a scam or not.

3) Or something easy to remember when getting ready to hit the delete key.

4) The story related by Gavin was that the “Hacker” logged into RC as an administrator. He uploaded the file, posted the link at CA, and then attempted to reset all of the administrator passwords. They apparently were unaware of the email notification connected this action or that Gavin had a super-administrator login that allowed him to restore things. If the password reset had succeeded, then it would have taken extensive efforts to override and then remove the file, during which time, people would have been downloading it.

5) As has been pointed out, password and file security at CRU was rather lax (see the email with a user name and password, or the story of the Mole). Keith Briffa had some level of privileges at RC, and Jones probably did as well. Mosh has pointed out that Jones left his office early on the 13th, maybe he left things running. I have had to do that at work when the IT staff decides to upgrade security on the network server. There are many possibilities here.

If the password reset had succeeded, then it would have taken extensive efforts to override and then remove the file

If the security breach was as I described here then the administrative password would have been for the WP blog software only. It would not have been the OS admin. It would only take a few minutes for the OS admin to log in and remove the file as well as disconnect the malicous user.

1. It’s being suggested that FOIA.zip was compiled in response to an FOI request. But the FOI request was refused. And we know that CRU didn’t take kindly to FOI requests. So why would anyone bother to compile FOIA.zip, only to have the effort wasted when the request was refused?

Reasoned like an individual contributor at a large company; with time limits being part of FOIA requests there is little doubt in my mind that separate, individual and parallel tasks within UEA were kicked off, i.e., a) the collection and collating of relevant files for the FOIA request and b) the discussions and meetings as to whether they were actually going to comply with the FOIA request, especially realizing some of the early e-mails and some of the more incriminating later e-mails were available from the server.

When the deadline to respond had arrived the decision was made to deny … the rest is history …
.
.

So Steven Mosher’s role seems to have been somewhat exaggerated – PC’s statement that he got the files ‘several days before they were made public’. But I appreciate that there is a book to be hyped and I’m all in favour of that!

bender, I think you are due for a promotion. Given his newfound notoriety, I think Mosh should name you as his press agent, despite the fact that he’s been doing a pretty good job of promoting himself since the emails were leaked.

If that’s not possible, I will volunteer to review and edit his manuscript for free if he consents to give you a much-deserved and long-overdue raise.

Pool work is hard. I’ve been there. That said, the occasional presence of half-naked women takes some of the sting out of it.

Minor thoughts. What if the files were from a laptop (or maybe something used to back up a laptop)? “Attachment Converted: c:eudoraattachMAG-SG1.doc” can be seen – backslashes have been removed – and he seems to be using Windows Eudora. If these are messages personally sorted into different mailboxes this could be only one particular mailbox Prof Jones uses to sort/manage his emails but from his personal computer or a back-up of his personal computer.

(Jones not being on the To or cc list still could be on Bcc).

I know this disagrees with the RealClimate statement that the emails came from the webmail server (note: not just mail server but a webmail server). However
UEA uses squirrelmail for access to IMAP accounts. But the presence of C: linked files might mean they are actually the local copies, as might the presence of other documents which would not be available via a webserver linked to mail files.

However, on the other hand UEA webmail service also currently has the following warning: “Because a large number of UEA accounts have been compromised through recent phishing attacks, we will be requiring all users to change their passwords in the coming weeks.”

Who is “Carbon Throat?” Maybe someone will write a tell-all book in 10 years or so. I can’t imagine a scenario that doesn’t include a CRU insider… an absolute whistle-blowing hero. But even with this amazing evidence, the AGW beast isn’t going down without a fight. And I worry that the leaked files may be forgotten too soon.

This may have been asked before, but has anyone found the “IPCC correspondence” emails that Phil wanted to delete?

My thinking is that they would be at least as incriminating as the existing emails, but if they weren’t in the zip file, then why not? And if you’re Phil Jones, the next email you would delete would be the deletion request email. Why does it make it in the list and the others not? Possibly Phil’s request email was kept by one of the recipients who then deleted the other ones which would have incriminated himself.

Or maybe there’s another set of emails to come.

Or maybe the compiler was rushed at this point.

Apologies if this has been discussed before.

Dan

Steve: Yes – some that match the description are in the emails. On my to-do list. The emails in question show awareness that they are being done outside of IPCC rules and have “burn after reading” type comments.

I’ve just finished re looking at this and there was something very interesting that I had not notice before.

There are a couple critical mails on this subject. I’ve covered them in the book.
I’ve talked to Steve about them ( in fact he alerted me to one ) and they are at the heart of the destruction of emails.

My preference at this point is to let the book stand as it is, and not amplify here.
BUT, there is something interesting that I didnt notice before. It points to, is consistent with, Briffa destroying mails. Now, how does briffa destroy a mail and STILL have it preserved in the record. hehe. easy.

This is the kind of subject that deserves a top level McIntyre post. If people want to putter around looking through the mails to see what I’m talking about
DAFS on “6-737”

Oh, better yet, START your investigation by looking at the online reviwer comments of chapter 6 of AR4. Start with comment “6-737” Then after
you plow through those.. go to the mails and search on that “6-737”

Err, I think I rememeber that number right. holler back if I mis remembered.

So, let’s see … the E-mail in question is 1153470204.txt: Subject is “Re: Confidential” and it contains Wahl’s July 21/06 reply to Briffa’s July 18/06 request:

[Briffa:]I am taking the liberty (confidentially) to send you a copy of the reviewers comments (please keep these to yourself) of the last IPCC draft chapter.

I am concerned that I am not as objective as perhaps I should be and would appreciate your take on the comments from number 6-737 onwards , that relate to your reassessment of the Mann et al work. I have to consider whether the current text is fair or whether I should change things in the light of the sceptic comments. In practise this brief version has evolved and there is little scope for additional text , but I must put on record responses to these comments – any confidential help , opinions are appreciated.[…]

[Wahl:][…] I am also attaching a review article Caspar and I plan to submit to Climatic Change in the next few days. [The idea is that this would accompany the Wahl-Ammann article, to summarize and amplify on it — given all the proper and non-proper interpretation WA has received and the need for subsequent analysis that WA only lightly touches on. Steve Schneider is aware that it is coming.] I think a read through this, especially the part on PCs and Bristlecones, can say about all I might offer additionally. It is not lengthy.

Please note that this Ammann-Wahl text is sent strictly confidentially — it should not be cited or mentioned in any form, and MUST not be transmitted without permission. However, I am more than happy to send it for your use, because it succinctly summarizes what we have found on all the issues that have come up re: MBH. As you can see, we agree at some level with some of the criticisms raised by MM and others, but we do not find that they invalidate MBH in any substantial way.[…] [emphasis added-hro]

It would seem that in the planet on which these “climate scientists” reside, there is nothing that can ever be found to “invalidate” any of their research! Nor, it would appear, is there any ethical breach that they can fail to make. It is quite astounding to find out what goes on behind closed screens!

Moving right along to AR4SOR_BatchAB_Ch06-KRB-1stAug.doc … I’ve spent a few hours going through this, and I’ve come to the preliminary conclusion that there’s a virtual goldmine here (if not another book!) Amusing (well, to me at least, because it indicates further sloppiness on someone’s part!) sidenote is that the version one gets via IPCC link (if one has the perseverance to find it!) retains both the date (June 15/06) and admonishment “Confidential, Do Not Cite, Quote or Distribute”. IOW, even though this document is now public, one is not permitted to Cite, Quote or Distribute! But I digress …

There definitely seems to be a discernible pattern to Briffa’s “Rejections” (quelle surprise) which would warrant some quantification!

In the meantime, here’s an interesting Reviewer Comment [6-1075]:

The authors of this chapter should request an explanation from the lead authors of the SPM of why there is not a single graphic from the chapter shown in the SPM. Every other major section of the SPM has at least one supporting graphic. The lack of a supporting graphic in the “A Paleoclimate Perspective” section is effectively a slap in the face to chapter 6 authors. It also sends a disturbing message that AR4 is somehow backing away from paleoclimate-based claims made in the TAR where the results from paleoclimate studies were highlighted. Yet, a reading of chapter 6 shows no such thing, and in fact reveals more robust evidence in support of the key conclusions. Chapter 6 highlights the fact that there are now a large number of different paleoclimate studies which all lead to the same key conclusion that northern hemisphere mean temperatures in recent decades are likely unprecedented in at least a millennial timeframe. Moreover, several of the newer studies extend these conclusions back to at least the past 2000 years. It was a mistake for the authors of the SPM in the TAR to show only one reconstruction (that of Mann et al, ’99) when in fact there were multiple reconstructions shown in the body of the report (chapter 2) which supported the main conclusion regarding anomalous late 20th century warmth. This clearly set up one study as a straw man for attack. AR4 has an opportunity to undo the damage of that unfortunate decision, and show in the SPM Figure 6.10 which indicates that the key conclusions regarding recent hemispheric warmth in a millennial context are now supported by more than a dozen different reconstructions taking into account the ensemble of uncertainties associated with the different reconstructions.

This wasn’t in Briffa’s section, so there’s no “Note” from him. But I’ll give you three guesses as to the identity of the Reviewer 🙂 For the record, according to the IPCC version, and assuming that the colour coding was valid throughout, Peck had merely “Noted” this review item.

The confidential notice on the IPCC comments can probably be explianed thusly.

SteveMC requested the comments.
IPCC said: go find them in harvard library”
Steve FOIAd NOAA ( susan solomon)
IPCC replied ” we will send you the comments but dont copy or redistribute”
We (4 more of us) FOIA’s
They posted the comments with the same warning. That’s
my recollection. SteveMc can correct if I got the basic flow wrong

Thanks. for that background. I did do some analysis of AR4SOR_BatchAB_Ch06-KRB-1stAug.doc, btw … And I’ve quoted from it! … as well as from other stuff I found on the Harvard site … including a “hockey stick” that appears to have “disappeared” from text in a draft after it had been reviewed.

No wonder they don’t want anyone to quote or cite this stuff (and make it far more difficult than it needs to be in order to do so!)

The nested comments feature is nice but it makes it very hard to follow new posts to this blog and so I waste a lot of time scanning posts I have already read to find the new ones. Any chance of switching this feature off. Or will the CA assistant help here – I am a Chrome user not a Firefox user. Any suggestions ?

In other words, the so called “hacker” used the word “whistleblower” when uploading the files. He also did not say that he got them from CRU although we are assuming he did. See my posting below re the FOIA directory in the US.

Below is the original posting on the Air Vent site.

10.FOIA said

November 17, 2009 at 9:57 pm

We feel that climate science is, in the current situation, too important to be kept under wraps.

We hereby release a random selection of correspondence, code, and documents.

Hopefully it will give some insight into the science and the people behind it.

One thing that has been bothering me but I haven’t seen discussed is – why did the leaker/hacker hack into RC (I understand the potential that this was simply a poke in the eye), but only posted on other sites? RC was the only site hacked in this whole story. They would have had to have the ability to obtain an administrative password for RC – or would have already had knowledge of that password. They either did not feel the need to do that at any other site, or did not have the ability to obtain a password. There are other sites that may the poke in the eye would have provided as much fun. Heck, if they are that good, why not hack Yahoo, or Drudge, etc.

It is not as if getting the file on the RC site was going to get it to people who would otherwise not have access to it once the genie was out of the bottle. It either says a lot about the mind set of the leaker/hacker, or may be meant to provide some very convenient cover to someone.

Ego? A poke in the eye? Everyone knows it’s spin control for the crew. Maybe one of the crew had a cute student in his class and tried to boink them – the boyfriend got wind of it and perused the university systems to find best how to extract revenge and found this happy circumstance. I don’t think speculating about motives is particularly fruitful – humans are human, and there are way too many possible (in detail) motives to worry about them all. If you just stick to top level motives, then ideology or a bruised ego fit, and I think that’s as far as it can go.

I would like to return to the role of Gavin, the NASA blogger, because his role is somewhat illumed by the leak/hack and by his CRU correspondence. Its a big role!
Now, a chap like Prof. Mann enjoys non-governmental status. He has been attached to universities. But his colleague on Real Climate, Gavin is different: he is, or so I assume, an employee of the US government’s NASA. He posts prolifically on a non-NASA web site (Real Climate), so he seems to do a lot of non-NASA work, like telling the public his views or the views of the team.
It could asked, why doesn’t Gavin cash-in and take a job for a CO2 emission trading firm? Or become a well paid spokesperson for an environmental organization? Why this split personality: employee of the US Government, writing so much at non-official web sites, even writing ominous notes to private citizens to discourage them from looking at the CRU information?
One possible hypothetical explanation: Gavin is vastly more valuable to the team and its cause if he retains at least a part-time NASA affiliation. Why? The team very much needs team-loyal civil servants inside NASA, helping shape NASA’s official views and helping oversee the proper collection and interpretation of temperature data that NASA collects.

If you recall, Gavin played an important role in the timeline. And he pushed the envelope of propriety by communicating some ominous words. In what capacity was Gavin, when he was saying ominous things to the bloggers just in receipt of the CRU leak?

Information is leaked somehow from a university within Britain. Someone with a sense of humor elects to try to post this information to Real Climate. Gavin quickly realizes there is a bad problem here and starts saying ominious things to some bloggers who are also sent the information. They are innocent recipients from the mystery source. So on what grounds does a NASA employee say ominous things, in writing, to the bloggers about information they did not seek and involving the internal affairs of a university in another country?

The theme I am on is one of who is responsible? Is Gavin working for NASA or if not, then who? If paid by NASA, who does he report to and who is responsible for his communications with the public via Real Climate?
Information somehow leaks out of a university in another country. Ok, stuff happens. By what authority is Gavin entitled to object to the receipt of this information by bloggers? He does not work for the British university.

One of the team’s favorite evasive tactics is to pillory skeptics by alleging they are serving oil or coal companies.

Ironically, perhaps this draws attention to considering the specific personal duties and individual conduct of climate scientists employed by the US government. What is Gavin doing; is his conduct authorized; specifically who authorized it?

Say you wanted to form a hockey team (or like minded individuals self selected one other to form a team).

It might be inconvenient to have too many core members, because someone might lose faith. The more members, the greater the chance of a defection or change of heart, because someone learns more and becomes a turn-coat or whistle-blower.

People drawn to science will usually aspire to do good work. In Climategate, many good, idealistic people may have been innocently led astray by too few data or by being too accepting of reputed experts.

This seems reason to focus on core members of the team, including the subset who have responsibilities to their government employers. Gavin plays many roles for the team and is credited with co-establishing Real Climate, along with Prof. Mann. Is it any surprise Gavin would be at the point of attack when the leak is disovered?

Good point. What business was it of Schmidt’s? The very first point on the timeline and a very revealing sequel. Maybe the whistleblower knew the Team well enough to see that kind of thing coming and deliberately tried to provoke it.

Multiple affiliations seem important. Maybe there need not be NASA official views, even. A NASA scientist is approved to donate his intellect and knowledge to the UN and its worthy cause. Does his every contribution to the UN need to be reviewed? As a practical matter, it cannot be. The scientists supporting the UN panel must be expected to do responsible work.
Then on the side, Dr. Schmidt can communicate “real” science via the unofficial mouth organ of the team, RealClimate. NASA is not accountable for what he is doing, in either case. He is not writing for an official NASA web site. But its also valuable that he not fully depart NASA, to help mold views within NASA.

NASA has a boss, a top person. For NASA to forumulate policy views about the climate, the boss has to have staff employees who somehow develop views on behalf of the organization, for the uber boss to approve.
So where does Gavin appear within an organizational work chart? Or how does the Global Warming policy making process function within NASA, who is involved in formulating policy, and what is Gavin’s role? Does he work for Dr. Hansen? I have no idea. Does Gavin accurately reflect Dr. Hansen’s views when he ominously cautions bloggers to disregard information that has been leaked to them. Dr. Hansen has strong views on Global Warming long ago, long before Prof. Mann conveniently came up with his hockey stick.

For all I know, Gavin may only work for NASA just two hours per week. He may be in a limited part-time capacity, so he can devote most time to Real Climate, the non-NASA web site.
However, if he were on duty full time for NASA, his employer might give him a set of instructions as to what a NASA employee can do when collaborating with Professor Mann on Real Climate. Did his employer authorize him to ominously caution bloggers? Or was that just a trivial mistake, in the spur of the moment? (Surely we can forgive and forget.)

Seemingly a NASA employee with an oddly open-ended set of duties to write for a non-governmental web site that communicated the team’s message is involved early in the timeline in trying to stop a leak originating outside the US? Why would a US employee do this? Within NASA, who authorized or is responsible for this individual’s odd conduct? Is he a just a rogue free-lancer or what manager is responsible for him?

Gavin has been a busy bee, written lots of things. He is probably a very smart guy and hard-working, to be sure.
At the bottom right corner of the NASA.Gov web site, it appears Schmidt is a responsibility of Dr. Hansen. Ergo, when Schmidt is trying to plug leaks from foreign countries, this could be viewed as reflecting directly on Dr. Hansen, his approving official.
If so, we now have Dr. Hansen linked to trying to plug the Climategate leak, at its onset, through the actions of his subordinate, Dr. Schmidt.

NASA blogger Gavin Schmidt – and frequent CRU correspondent – gave the first Team response at about 12.50 pm Eastern on November 20 … It’s well worth re-reading

Here’s the stand out paragraph for me:

Instead, there is a peek into how scientists actually interact and the conflicts show that the community is a far cry from the monolith that is sometimes imagined. People working constructively to improve joint publications; scientists who are friendly and agree on many of the big picture issues, disagreeing at times about details and engaging in ‘robust’ discussions; Scientists expressing frustration at the misrepresentation of their work in politicized arenas and complaining when media reports get it wrong; Scientists resenting the time they have to take out of their research to deal with over-hyped nonsense. None of this should be shocking.

In other words, the emails showed science being done completely normally. One questioner had obviously imbibed this point of view at The Great Climategate Debate at MIT on 10 Dec. He suggested that if someone had full access to Richard Lindzen’s email archives, he would be equally embarrassed. Lindzen at once replied that he would not find one example of corrupt science, in all the years he’d worked, such as we have multiple examples in the CRU archives. This to me highlights the most fundamental point. To his credit George Monbiot got it right. He was trained as a scientist. Politicians don’t seem to notice – this kind of thing is business as usual for them. But if the CRU correspondents are merely politicians there is not the same truth claim for AGW

The fact that the first thing done – uploading the file to RC in the early morning hours, followed closely by the second thing – the posting of the link on CA is significant. Without speculating on the motives of the hackers/leakers, there is little doubt that this was a tactic that was planned for a reason(s). If/when we learn who did it, the sequence of events may seem logical…. unless it was done in this order to mislead in the first place.

The email dossier is just a selection and I don’t know the selection criteria but the ones I’ve seen show a lot of activity in Oct 2009 and seem to slow down Nov 2009. I haven’t checked (yet) but is there a way to determine who at CRU were traveling? If they are ‘gone’ or getting ready then activity slows down. Who hasn’t liked it when the bosses take a vacation?

That would be good time to be wandering around doing maintenance activites, “just tidying up”, and having a chance to quickly select target of opportunity emails and other documents. The docs are going to have to cleaned up a bit, at least for the sake of identity protection. Finally, FOIA.zip.

Maybe there was some kind of FOIA bruhaha and then it’s just the right timing inside CRU.

Phil Jones was in Lecce, Italy the first week of October. The UTC stamp in 1255298593.txt confirms that he logged in to his UEA mail account from a different time zone. And, a BBC reporter received at least one relevent email on October 12th. If his office was empty for a week, then there was opportunity for someone on the team to sniff around. More than a month transpired before FOIA.ZIP appeared, plenty of time to slog through and compile the material.

meh, I told mosher, no spoilers. I actually don’t care who it was (a good person) but whistleblower is a pretty simple, even, statistical, assumption to make. then, I said to myself, “How would I do that?” Thanks for the refs. I couldn’t pin anything down, at that time. My next question is, “Who else was gone? Just my question, but, maybe, just Phil being gone was enough.

Contrast that with stuff like ‘illegal hackers’, ‘russian spies. ‘the chinese did it’. Gavin’s email to Lucia. That’s OVER-reaction. But probably, their PR, media-control, expert made the suggestion:
“This is all going to blow over. Don’t worry about it.”

Even if I were a member of the team, I wouldn’t be worried. I read a lot and I’d just call the lawyer. No Worries.

somewhere on the web there was an article indicating that the investigation had identifying an october date for the first access.. ( memory again.. need to find it )

The files show two “bleachings”

in the documents folders certain doc files and PDF files are “bleached”
to show creation dates ( 1980) and one in jan 2009? same date as all
the mails. Now the two bleachings could happen the same day, but it also could point to two different instances. Jones is out of the office in october
and after noon on the 13th.

E-mails alleged to undermine climate change science were held back for weeks after being stolen so that their release would cause maximum damage to the Copenhagen climate conference, according to a source close to the investigation of the theft…

…The first hack was in October or earlier, the source said. The e-mails were not leaked until mid-November.

I never believed that because it was part of the “All a conspiracy to wreck COP15” propaganda blitz. (Good PR, maybe)

I read 1255100876.txt so many times but “In Lecce next week for 2 days at a GKSS summer school led by Hans VS!” didn’t register. There was so much in this one that Lecce seemed minor (Hi, gotta travel, cheers)

Did you notice that Jones Cc:’d himself? That would mean two instances of this email on the UEA server. Yet only one appears in the dossier. There is a wealth of timeline data contained therein just waiting to be grepped…

I noticed. I should have copied the top. P.Jones (uppercase) vs. p.jones (the normal one). My initial thought was that the normal p.jones was the account he downloads from, to his desk computer. If it’s something like POP then he auto-deletes from the server and has just the one copy on the desk, which is why he might feel ‘comfortable’ deleting emails- They’re not on the server and he can trash the inbox/outbox on the desk computer.

P.Jones, and un*x being case dependent, could represent a separate, travel, account. Or, non-case dependent, he ends up with two copies on the desk computer and the uppercase is his reminder that he wrote it while he was traveling. His travel laptop is setup to send as P.Jones and not delete from the server.

If P.Jones isn’t a separate account, why would he bother to cc himself though?

My angle is, while there may be typical server email archives, at least the phil-part of the dossier came from his desktop, p.jones and P.Jones perhaps being separate accounts, downloaded to separate desktop inbox/sent directories. The whistleblower knew of two copies and only bothered with one.

I think your seeing more that is really here. If this is a POP server then the only copy of this email Phil would have would be on the machine he sent it from (laptop, cell phone, or web mail). The way it works is when you send an email the local client saves a copy in the ‘sent folder’. IOW, his workstation at the CRU would not have a copy of email he sent while away. The only copy of what he sent would be on the device he sent it from. If he wanted a copy on his workstation, which is reasonable expectation, he would have to send himself one. The only practical way to get a sent email so that he would have it on his university workstation would be to either CC or forward it to himself. The sent email would still get archived on the universities email server as an outgoing email. There is no need to intercept his cell phone.

Although upper case is allowed in the non-domain part of an email address it is usually ignored due to the confusion it can cause.

Since there are emails where Phil Jones isn’t included in any of the fields, I think it’s safe to assumme that the Contents of FOIA/mail/ came from a central serve-store. Clearly, he didn’t have a good understanding of how email works (bet he does now…). He never set up a folder on the server, depending entirely on his local client when it came to managing his email.

It is an absolute certainty that he deleted emails locally, unaware that they still existed on the server.

Here’s the question- If he deleted FOIA pursuant emails from his local inbox (which is criminal intent) but they still exist at another location, is he guilty of a crime? Or does he have plausable deniability?

“he didn’t have a good understanding of how email works (bet he does now…)”

LOL, I bet lots of others do now, too 🙂

“He never set up a folder on the server, depending entirely on his local client when it came to managing his email.”

I agree and that’s why I think the whistleblower was working from phil’s desktop, not from the server archives (you could easily know a lot more about ‘this stuff’ than I do).

“It is an absolute certainty that he deleted emails locally, unaware that they still existed on the server.”

100%, however, the whistleblower didn’t need the server access, although it would make a great FOIA request or maybe the NDET could grep the server archives.

Here’s a ‘scenario’. Call it “why server access not needed”

Mosher said he found 5 passwords in the emails. I couldn’t believe it but I finally found one and, meh, I gave up on the other 4. So, the desktop/email password hypothesis was born and I gave up on central access, in spite of the problems with it that you point out (except finding an RC password for Nov. 17).

My hypothesis for the reason it’s not just phil’s desktop and not central archives is the whistleblower is savvy enough, once he made his decision, to collect even more passwords (ya know, pull out the writing tray in the desk, etc.), and have enough time to grab other emails that don’t involve phil. Hence, my dangling, unworked-on question, Who else was gone? (Heck, if phil’s gone, maybe Briffa wants to go scope out open office space at UEA and move out).

And lastly:

“Here’s the question- If he deleted FOIA pursuant emails from his local inbox (which is criminal intent) but they still exist at another location, is he guilty of a crime? Or does he have plausable deniability?”

I don’t know (Do you hear that NDET?) One thing I think I know (sorta) is a possible reason for the “illegal hacking blitz” vs. the whistleblower assumption. Whistleblower evidence can be used. Illegal hacking evidence is different. I don’t care.

“I searched the mail and found 12 emails with the word “password”. All of them were for web or ftp sites. None of them were for RC.”

I hope someone remembers the specifics but I could have combined two separate issues. There was a discussion about the initial prank upload at RC and they had a password. Maybe not from the emails. I think it’s in this topic.

Anyway, I’m on the server access track now. And I wasn’t worried about folders on servers, just that I thought it could have been done without server access. W/B had all kinds of access, apparently.

I can accept your theory when it comes to the DOCUMENTS/ folder. Looks like it was compiled piecemeal since it’s such a disorganized mess.

The same cannot be said when it comes to the MAIL/ folder. Whomever did it approached it from the standpoint of a meticulous librarian. Formatted Unix timestamp filenames in perfect chronological order. That would have been a guargantuan task if it was aqcuired in bits and pieces from several sources.

Further proof that the source of MAIL/ came from a server can be be found in 1057944829.txt. Down in the body of the message is an email Phil sent from his POP account (f028[@]pop.uea.ac.uk). If it was lifted by th W/B locally, how come it doesn’t show up in the mail/ dossier? It’s pretty clear (to me, anyway) that the leaker had admin level access to the server root directory. Whether or not he had a stolen admin password, who knows?

OK, Duke, Thanks. I need to have a narrative to try to keep the facts straight and I need to change it so I can be more correct as I puzzle some things out.

Once again, I had read the email thoroughly but I was focused on confidentiality, Yamal, etc. It’s a long one but I understand now.

So I keep my narrative for docs. I’ll adopt yours for email.
wrt “Whether or not he had a stolen admin password, who knows?”, I was talking to a sysadmin friend of mine (works for a hospital) and I mentioned my narrative. She doesn’t know much about ‘our’ emails but she thought if it is an insider she’d go with admin level access to the server.

I’ll adopt a hypothesis about the admin password that fits. Some admin wrote the password down and W/B found it. I agree, Who knows? but it’s not impossible.

“Steve [McIntyre] will keep asking me for our “software” and I’m tempted to ignore those requests, since our description of what we do with the data completely describes our procedures.”

People will want to cast a better eye than mine on all those emails (sorry, no code).

Meanwhile, John Coleman, KUSI meteorologist and founder of The Weather Channel, will shortly reveal in a special report that NASA has ‘cooked the books’ on climate change — making the US agency part of the Climategate scandal.

The report will be broadcast on TV on January 14th, at 9pm, Pacific Time, from KUSI in San Diego, Calif., USA. A related report will be available on the internet at 6pm on that date.

The full press release is available at:

One of the accusations: that NASA has replaced actual temperature data with ‘grids’ they have developed through some arcane algorithm.

This smells a lot like the problem with the Hadley CRU, who ‘can’t find the original data’.

The stink is now going so global, so comprehensively, that ‘Climategate’ may be an outdated term.

The Judicial Watch press release is encouraging (and in keeping with the sentiment in my earlier posts, though much more compellingly expressed).

Workers for private firms, like universities, can be sheltered a bit by their employers, if the employer believes they have been honest.

However, Gavin Schmidt and Jim Hansen have some additional responsibilities as regards their conduct. Saying that people who catch their errors “do not have a light on” is clearly very rude and not in keeping with conventional standards of courtesy. This does not reflect well on Hansen.

In keeping, Hansen’s trusted subordinate Gavin Schmidt is caught trying to suppress a leak by saying ominous things to private citizens. A lot of people may not understand the newly minted field of paleoclimatology, but they can recognize inappropriate manners.

A lot of people may not understand the newly minted field of paleoclimatology, but they can recognize inappropriate manners.

No they can’t. They like Simon Cowell. They listen to Rush Limbaugh and Bill O’Reilly. If they can recognize inappropriate manners, they have no moral ground to complain about such manners in anyone because they encourage such behaviors.

RomanM: For your information, certain topics are off-limits on this blog. Political or religious references, particularly meant to be taken in a denigrating fashion, are likely to be snipped. In my opinion, this one is close to being over that line, but it is Steve’s call on it.

If a Dept. of Energy employee writes that he would like to slug Pat Michaels, its not a smart thing for anyone to write, but he presumably wrote this to a co-worker in Britain. It was not intended for the public nor meant as a public threat. It does not make him look smart, but that is his business.

Dr. Schmidt seems to have gotten into a role of communicating scientific perspectives to the public in support of Global Warming through a non-NASA web site. This is an unusual role, but I do not have an informed opinion about its propriety. It may be a smallish point, in the overall sweep of the issue, but he is no longer in a scientific communication capacity or collaborating with foreign scientists, when he writes ominous things to people who have just received the information leak of their dreams. It may be that he is then only in the status of a government paid employee saying inappropriate things to members of the public and trying to cover-up and suppress what he may know is an important leak of information, not from his own country, but from another. Its odd conduct and its hard to see how this can be within his realm of professional duties.

One other quote: (Gavin) “You also might might want to thank him for bringing it to our attention. The first because he’ll ask you anyway or work it out himself, the second, because it doesn’t hurt to be gracious”

Here is a quote (from one of the emails) by Reto Reudy about Steve McIntyre. It’s pretty snarky to say the least:

Steve is the person who appointed himself the auditor of all web sites and organizations that have to do with global warming in order to debunk this “hoax”. He is maintaining a blog… a site containing among justified concerns (caveats that we all stress in our papers) obvious fabrications and vicious attacks.

Some of Reto Ruedy’s comments are downright nasty. What a waste of intellect:

The blog you attached is a prime example of what gives bloggers a really bad name; somebody with no idea what he [presumably McIntyre] is talking about is spouting absolute nonsense, making no distinctions between what is essential (the facts he consistently omits) and what is pure noise (which he is concentrating on exclusively).

“Scientists often use the term “trick” to refer to a “a good way to deal with a problem”, rather than something that is “secret”, and so there is nothing problematic in this at all.”

michael mann, ably assisted by NYT’s andy revkin, gave exactly the same explanation on 20th nov:

Hacked E-Mail Is New Fodder for Climate Dispute
By ANDREW C. REVKIN
Published: November 20, 2009
Dr. Mann, a professor at Pennsylvania State University, confirmed in an interview that the e-mail message was real. He said the choice of words by his colleague was poor but noted that scientists often used the word “trick” to refer to a good way to solve a problem, “and not something secret.”http://www.nytimes.com/2009/11/21/science/earth/21climate.html

on the same date, guardian newspaper in england gets bob ward (whose boss is Lord Nicholas Stern) to reinforce the mantra:

20 November: Guardian: Climate sceptics claim leaked emails are evidence of collusion among scientists
by Leo Hickman and James Randerson
“It does look incriminating on the surface, but there are lots of single sentences that taken out of context can appear incriminating,” said Bob Ward, director of policy and communications at the Grantham Research Institute on Climate Change and the Environment at the London School of Economics. “You can’t tell what they are talking about. Scientists say ‘trick’ not just to mean deception. They mean it as a clever way of doing something – a short cut can be a trick.”http://www.guardian.co.uk/environment/2009/nov/20/climate-sceptics-hackers-leaked-emails

btw lord stern is also vice-chairman of IDEAglobal:

Sir Nicholas Stern to join IDEAGlobal Group as Vice Chairmanam
Such expertise, will fit well with the broad-ranging economics and analysis conducted by IDEAglobal and also with the aims of IDEAcarbon, recently launched to provide market analysis and rate any asset with carbon collateral providing a standard risk measure for participants in this rapidly growing sector.http://www.ideaglobal.com/corporate/sir_nicholas_stern.html

POSTSCRIPT: responding to schmidt’s 20 nov piece, a poster on RC referred schmidt back to a november 2006 piece he’d written about lord monckton & WUWT/junkscience.com, called “cuckoo science”:

schmidt responded:
“Your theory is that once someone has a used a word with multiple meanings in one way, they are forever barred from using it in any other context or sense? Now keeping track of that would be a neat trick! – gavin”

The Crutape letters is available now, linkage found on Lucia’s website:

14 January, 2010 (17:02) | Data Comparisons Written by: lucia

Mosher and Fuller’s “Climategate: The CRUtape Letters” is now available. We’ve all been tantalized and want to learn what SteveMosher was up to during the days before the big break, and to read any other secrets they may have run down.

Steve, you may remember my post over at “Big Journalism” a couple of days ago, where I said

One question has always puzzled me is, How did “indusieumgresium” get to post the video clip “ Peer Review-1945.ca” on YouTube on the 19 November. Given what has been said here, there seems to me to be no time available to source the original video clip, install the sub titles, which refer directly to the goings on in the UEA-CRU, and get it posted.

[Steve: I didn’t see anything in this video posted on Nov 19 that refers to the UEA-CRU goings. ]

Unless “indusieumgresium” was the “whistleblower”. I have asked this question many times on the blogs and have never had any interest shown, even though the word “indusieumgresium” as made up of 2 Latin words used in botany. (trees, tree rings, bark etc.)

And I followed up with:-

The video is still available on YouTube with the time stamp in the top right corner of the YouTube page.

and

I don’t want to pre-empt anything here, but check the translations of “indusieum” and “gresium”. I have found many meanings but come back to some which suggest a grey protective layer. Also a layer to protect the sorus eg “In fungi and lichens, the sorus is surrounded by an external layer” (indusieumgresium ). (George Soros) ???

Also someone may know this person, “The choice of pseudonym plus his/her reference to N.I.H. (National Institutes of Health) suggests the author is a neuroscientist, one with a sense of humor and one too many rejection letters.” Someone at Emeritus Bishop’s University, Sherbrooke QC Canada.

There’s no danger of any of us deducing who the ‘hacker’ was. There’s minimal danger even in the case of a whistleblower I’d say. And I think the public interest argument should triumph in any case, in two ways:

1. It’s in the public interest to know who did it and why (though it’s fine by me if they wish to remain anonymous, I’m not trying to imply a moral duty for them).

2. It’s in the public interest for them to escape punishment, for all the best reasons.

I’m not a lawyer. But the law, as well as science, has been abused here. We all have to stand up and fight.

RomanM: For your information, certain topics are off-limits on this blog. Political or religious references, particularly meant to be taken in a denigrating fashion, are likely to be snipped. In my opinion, this one is close to being over that line, but it is Steve’s call on it.

My apologies. You hadn’t complained about the denigration of the e-mailers in the post to which I responded, so I was following your lead.

I was merely trying to inform you of the rules of the blog. However, from your response, it is quite clear that if your greatly exaggerated statements on tAV about having had your comments deleted on “skeptic” blogs were true, that would have been richly deserved.

Frankly, you do not seem to have much of an understanding of the science behind the issues and any of your comments which I have read are short on facts and/or completely off the mark. I don’t think that you bring anything of substance to the table. A debate with someone such as yourself whose ideas are based on belief, but not real understanding would be pretty much useless.

Dollars to Euros that the perpetrator(s) will not ever be discovered — unless they come forward. Why? Figure that charges of some kind would need to be filed. And then a trial held. The perpetrator(s) would be held up as soundrels or heroes by the respective sides, a cause celebe. ClimateGate would again rocket to multi tens of millions of hits. Intense worldwide coverage would coincide. More people would conclude the whole climate business is corrupt.

The UK government will not move on this; they will go through the motions but come up empty.

In the USA we have a show “the world’s dirtiest jobs” or some such title. They poor sod gets to try out going in sewers and all sorts of good stuff. He often needs hip waders. If anyone has a spare pair to send to both Steves as they wade through these emails, please do.

You can get to all these pages from WUWT and Climate Audit, but not any one.
I took a look at what ClimateSkeptic had on Nov 13. Just a mention of a presentation being prepared, but if you scroll down, a link to a post by Warren Meyer.

As I said before, the FOI2009.zip file was zipped on a Unix system and shows that the files in the directory tree were given read permissions to all users. The source directory or zip file either existed on the front end web server or was available on a networked computer. As to why the FOI2009.zip file was being created, I haven’t a clue.

The CRU web site ran Red-Hat Linux and Apache 1.3.27 from August 2006 to April 15, 2009. This suggests that they had little concern for security. On April 15 they switched to Scientific Linux, sourced by Fermilab and CERN. It is way behind the times, based on kernel 2.6.18 or older, and has many updates to fix security problems (just like any other Linux distribution for that matter).

It is quite possible a good hacker could have gotten through this system and into their network. While I don’t know for sure, they may have been running this web server directly on the Internet at IP 139.222.104.250 which they used from 2006.

Here are the release dates and their use of Apache:

Apache 1.3.27 2002-10-03 used until 2009-04-15 at CRU
Hacked before or near 2009-11-17 when running 2.2.3
Apache 2.2.3 2006-07-27 used until 2009-11-20 at CRU
Apache 2.0.50 2004-07-01 used until 2009-12-04 at CRU
Apache 2.2.11 (non-official release) used until 2009-12-26 at CRU
Note: Apache 2.2.12 was released 2009-07-27
Currently running on locked down Linux system with release numbers hidden and on a new IP number.

It seems very clear they didn’t care about security both before and after they were hacked. Their response on November 20, 2009 was to move in a server running a version of Apache that was much worse.

Seems to me they were asking for a hack. It is doubtful that this was done from the inside.

“> Access to the Yamal 2009 pages is currently restricted by IP address.
> Try to access them from home, then tell me the time at which you tried.
> I’ll pick your IP address out of the logs and add it to the “permitted”
> list.”

(among other things:)

It may have already been discussed but does that kind of activity mean that a hole might have been created for an outsider with access to a team player’s computer?

They went on IP blocking for security reasons and the email says that stimulated emailing of the password.

“It seems very clear they didn’t care about security both before and after they were hacked” is so true that I don’t know if I’ll know whether it was inside or outside. It doesn’t matter, does it?

We’re wide open either way (clowns). I’ll keep my narrative and not forget yours. I don’t want both… it might make me dingy.

While someone inside could have opened something up, the fact that they appear to have sloppy security suggests that it was simply an outside hack. If they had top level security from the start, then I would think that some inside help was involved.

I have the server accesss. I grab something like the mbox file(s). I go home, fire up Suse, copy the files over. Call something like mutt, and start going through them. Using hindsight, I’m saying to myself “A nugget Mosher, keep”, “No, Mosher doesn’t who is having what for dinner, delete”, “Mosher’s really going to like this one”…

That’s plausible? Maybe W/B did it once or went back a time or two, as time went on. Last time Nov. 12, Launch: Nov. 17

Yup. Gibbons made a comment about shell scripts. I’ve done a little Bash scripting but I’ve looked at some wrt compilation of programs. The insider could easily have the skills to build the keyword dictionary (from CA and maybe some of his own) and write a script to search and retrieve the backup archive of the emails. 199x forward.

I’m assuming the contents of the documents folder were attachments to emails having the keywords, perhaps further screened, plus some hand selection of directories…’May as well grab that while I’m here’. It wouldn’t take too much server access time for the downloads. There’s some post-processing that can be done at home.

Good to read that stuff again. Occam said something like KISS. No reason to wander around to desktops but phil’s being gone from Oct. 9 to Oct. 14 seems much less important. He wouldn’t have known whether he was there or not.

Levison’s server map is pretty detailed. In spite of one or two gaping holes in his analysis, I agree with his thoughts on the FOIA/documents/ folder.It’s a mess. quite a contrast from the mail/ folder. A lot of thought went in to making sure that the end user was presented with a tidy list of .TXT files in chronological order. Why did the other folder lack the same attention to detail? Two different methods of access? Two different sources collaborating together?

Not that I know all the details of a Unix mail system, but the emails look like they were automatically extracted, named (Unix style date code) and time stamped to a fixed value (1/1/2009). It should be easy to do this with a shell script on Linux. The other files were likely copied from their source to the documents folder with a GUI file manager.

It appears whoever collected the files is the same user because they all appear to be stamped with UID/GID 0x7855.

Don’t discount shell scripts. I’m no expert, but I’ve seen some very powerful scripts. It’s almost like writing a C program.

Supposing the hacker was inside CRU, if they zipped from the master directory I would expect the GID/UID to be different on the files as many users may have uploaded them. I run my company network a little different, and all the files on our Samba server have forced attributes (root level) which I like better. Most Samba servers are setup different and will record user attributes (assuming they are using Windows to upload the files to a shared server). It could also be an FTP server and I don’t know what attributes that would store (I would guess those of the logged on user), but you wouldn’t zip directly from an FTP server unless the FTP directory was also shared.

They either zipped the files on the machine that stored them or used NFS (Unix) file sharing and another Linux system to mount the remote machine and zip it from their machine.

Supposing the hacker was outside their network, the files could have been moved off their system one by one or zipped on their system and the zip moved out. Perhaps they lucked out and found the FOIA directory intact. If they had to sort through all the emails to pick and choose, this would best be done on an internal CRU system before pulling the results out. If a hacker, they would most likely be using Linux and could have zipped the files once they were on their machine. I guess they used ZIP format because most people know how to use it compared to TAR, etc.

Another note. Don’t take the file time stamps for granted. Many of the .DOC and .PDF files were created before their system time stamps. You need to open them and check the “properties” to see the actual creation time (and other interesting metadata).

Given what happened to Google, Adobe and Symantec in China, it is very possible a hacker sent someone like Phil Jones a targeted email with a subject like “Look at my latest tree ring results, link to report (exploit)enclosed.”

Perhaps China did it. They don’t like the pressure they are getting for not going along on AGW. It may not be a direct hack of their Apache web server at all, although it appears from the Netcraft logs that this was a weak link.

I started going through all the metadata, but got kinda disatrcted by writing ( hehe) The key for me is timing of the last mail and the rejection of the FOIA appeal.

Also, if there was anything like the china hack ( I spent the day with one of the guys who looked at it) then CRU could have announced long ago that the hack looked to be external. Still, If I’m on the inside and I want to get something out.. I’m gunna make it look stolen. leave my door open.

“I’m leaving for the day – I’ve had it. Damn good thing that FOIA request was denied. Sort of ironic though, the huge effort we put into compiling that set of files. I uess I’m glad. But, man, if those files were ever to be released it would be ‘Mann under the bus’. Anyways, see you later. Have a good weekend. I’ll just leave my door open for the cleaners.”

2nd to last mail on thursday Jones says he’s leaving
early on friday the 13th.

last mail on the 12th.

The final touches are being put on the FOIA
reject letter. The appeal officer has been waiting
on “some particulars” that never show up.
CRU is going to deny the request BUT they are going to promise to work with the MET to get the
whole confidential agreement thing sorted out.
we have them on record promising to do that since july of 09

Ok. LAST MAIL

Thorne. Thorne has worked on HADCRUT

Thorne asks Jones to review the attached letter

1. that attached letter ( which we dont have)
consists of “requests”
2. That attached letter has been reviewed
by the international relations department
3. Jones is told to keep the request simple.

There’s a long one to sandy and a short one to Peter Thorne, Climate Research scientist, Met Office Hadley Centre, our secret spy phil’s contact inside Hadley. (An early criticism of climategaters was “They don’t even know the difference between Hadley and CRU.”

“Steven Mosher
Posted Jan 21, 2010 at 3:23 AM started going through all the metadata, but got kinda disatrcted by writing ( hehe) The key for me is timing of the last mail and the rejection of the FOIA appeal.”

One of the things I like to do is convert binary .doc files to ASCII then scroll them fast, looking for text strings in the metadata.

One odd item-
jones-foiathoughts.doc contains a smart-tags URL (5iantlavalamp.com) which doesn’t make sense.

Unless-
he was planning on posting his “foia thoughts” on the web with embedded hyperlinks… 🙂

Backup server… Function as a cache / trashbin? Purge the “regular” server of this stuff, which is conveniently held as “oops, didn’t mean to do that” protection. Mayhaps the attachments which aren’t present weren’t “deleted”? UNIX weenies, what sayeth thou?

I think it is safe to assume that even if a .doc or .xls was created on a local desktop that a copy would generally be uploaded to the server at some point (I’ll ignore that phil didn’t have a directory…who knows what he was doing.)

Others might have at least read/copy access to another’s directory so they could comment, probably by email. Once W/B has root access, they could have easily grabbed whole directories and the hodge-podge structure of the documents folder is
1) A function of the hodge-podge way the CRUTeam did things
2) The slower, more tedious, work needed to examine and bleach the files (not with a simple shell script
3) Higher selectivity with an intention to give a spread of examples of what else one might find and
4) Help condition future FOIA requests so that the requests could be as specific as possible about the types of documents to ask for.

The hodge-podge also represents the multiple directories being examined and the files being thrown in to the one documents folder. Sorta like making a stew.

I don’t know who “they” are when you say “they didn’t care about security”. If your assumption is that the IT department is incompetent or negligent, possibly both, then I would say you haven’t made your case. I also wouldn’t say the CRU clan didn’t care either. Caring about security doesn’t necessarily result in good security. It is clear from the emails that the CRU staff cared about security. It is also clear that they were woefully ignorant on how to implement it effectively. As I have stated before, it appears that climate science is run like a cottage industry. They try to do everything themselves. Examples would be their failure to involve statisticians or software engineers where it is painfully obvious they are needed. Would it surprise anyone that they treat the IT department any differently? The university has 3 other web sites that look nothing like the CRU website mess.

My gut feeling is the IT department is, to some extent, subservient to the whims of the CRU. If the CRU wants a server with XYZ on it they get it. Looking at it from the IT side of it, my attitude would be to let them dig their own hole.

When I started here in 98 we hooked our NT development machines right up with a direct IP to surf the net. When I took over security, the web server got hosted offsite and a firewall with no DMZ was the rule. But people still do stupid things like our engineering manager who clicked on a PDF report of a late UPS shipment yesterday. Lucky the AV stopped it or I might have needed to wipe his hard drive (that’ll teach em). If you ask me, servers should be offsite so the IP doesn’t lead them to your internal net. I see all types of dumb things with our customers too, which include some Forture 500s.

I agree, when you are top dog like CRU, you can get away with most anything. My old Physics department has several different servers running for different groups and web sites so this is quite common (however, I note RC is hosted). The fact that CRU lost the raw temp data says they are not very good at IT. I never throw old data away.

My main job is Software Engineer and I don’t profess to know everything about security or hacking. Only those with access to the system logs and other data will stand a chance to figure this one out, unless someone comes forward or the Russians start talking.

A career ending move ‘at that time’. However, now is later and I’ll try to render a scenario that says it’s OK now. I’m assuming that I’m the one that did it. And, I’m still ethical.

I was an insider and I left before anyone is thinking I did. I still had external access until Nov.12 (ala James and Duke)- They haven’t changed the passwords (that’s no surprise). I wanted to stay in climate science and I know who to go work with and who not to. I’m even in the US now and I knew not to work with a Wigley associated team, for example. I’ve been ‘here’ awhile, everything is OK, no wrecked career. I like my group and I know I trust my research advisor. I have one problem, my secret. I have lot’s of positive feedback but I can’t reach closure until it’s not only my secret. I’m also aware that there could be a reaction from my new group, purely human, that would hurt what has already been established. So, before this goes on too long, I’m going to tell my research advisor. Ah ha. My only other alternative was not to say anything to protect my new research group but their only lame excuse would be ‘we didn’t know’.

My new research advisor says “Not a problem. We’ll cross that bridge when we come to it. Get back to work!

All the hornets are REALLY strategizing now that their hive got whacked. I like history but I like to be au currant so what I’m missing is not reading the emails beyond Nov. 17. They would be page turners, no interpretation required.

At 3.48 pm Eastern, only twenty minutes after Mosher posted the first CRU email, Schmidt sent Lucia a threatening email (“a word to the wise”), warning her that she might get “questioned as part of an investigation”. Perhaps the idea of involving U.K. Counter Terrorism Intelligence Officers had already been contemplated. Gavin used a columbia.edu email as part of the continuing pretence that Gavin was acting as a “private citizen”, but the routing of the email was from a NASA server.

“Digital forensic examination of the archive of emails and documents suggests that it was first created around 30 September, and subsequently added to during October and finally in November – when one of Osborn’s sets of program code was added – just ahead of the full-blown leak.

Significantly, that analysis suggests that the archive was created on a machine running five hours behind GMT, which would put it on the east coast of North America.”

Earlier in this thread several people looked at the header information in the FOI2009.zip file, but as far as I can see, none ran the unix “zipinfo -v” command on the file which produces, in part:

Actual offset of end-of-central-dir record: 64936832 (03DEDB80h)
Expected offset of end-of-central-dir record: 64936832 (03DEDB80h)
(based on the length of the central directory and its expected offset)

This zipfile constitutes the sole disk of a single-part archive; its
central directory contains 4662 entries. The central directory is 502808
(0007AC18h) bytes long, and its (expected) offset in bytes from the
beginning of the zipfile is 64434024 (03D72F68h).

Even though the last modified time was overwritten or forced to “2009 Jan 1 00:00:00” when zip was run, zip also added in the UTC time offset which is stored elsewhere in the unix system and that shows a 5 hour offset which is constant throughout the FOI files. (The second line which shows a 8 hour offset ‘2008 Dec 31 21:00:00 local’ is the offset where the zipinfo command was run [my computer – and I am in that time zone].

Now, while it is possible that the person doing the zip was savvy enough to know this and intentionally set a bogus time zone on the unix machine prior to zipping to intentionally cover his/her tracks, it is also possible that the FOI file was actually zipped on a unix machine in the EST time zone.

I heard on the radio when asked by the host to an expert, why would they (those at the heart of Climategate), manufacture the numbers to suit their predictions? The expert replied, “Scientists are people, too.”

There is a document which most later climategate commentaries (even Mosher, I think!) have missed (forgotten) likely partly due to the fact it has long gone offline. I found out today that it had been archived by the WayBackMachine (here), hence this comment.

On the early morning (sometime before 9:30 AM UK time (*)) of the November 20, Phil Jones gave an “exclusive” (phone?) interview to Ian Wishart of TGIF-magazine. AFAIK, this was actually the first Team response preceeding Gavin’s post by half a day. There are a number of things we can learn from this interview:
-technical: Jones immediately recalled splicing the instrumental temperatures to the end of the reconstructions but could not recall what he was hiding. He stated:

“They’re talking about the instrumental data which is unaltered – but they’re talking about proxy data going further back in time, a thousand years, and it’s just about how you add on the last few years, because when you get proxy data you sample things like tree rings and ice cores,and they don’t always have the last few years. So one way is to add on the instrumental data for the last few years.”

Jones told TGIF he had no idea what me meant by using the words “hide the decline”.

“That was an email from ten years ago. Can you remember the exact context of what you wrote ten years ago?”

IMO this is important as the comment seems to indicate (at least to me) that he did not see anything wrong in combining the intrumental and proxy data the way he did in the WMO graph.
-As observed elsewhere, although Gavin had informed CRU (Jones) about the dossier already on Nov 17th, he had failed to notify Jones on what was actually in there!

“It was a hacker. We were aware of this about three or four days ago that someone had hacked into our system and taken and copied loads of data files and emails.”
“Have you alerted police?”
“Not yet. We were not aware of what had been
taken.”
Jones says he was first tipped off to the security breach by colleagues at the website RealClimate.
“Real Climate were given information, but took it down off their site and told me they would send it across to me.They didn’t do that.”

– Jones found out about “release” on the morning of November 20th. It is easy to speculate (it would be nice to get a confirmation of this) that Jones had just arrived to office to find out that his emails were all over Internet, and then only minutes later Ian Wishart phones him. Anyway, it seems that during the evening/night 19th/20th (UK time) nobody bothered to inform Jones what was going on. Poor Phil!

“I only found out it had been released five minutes ago.”

-apparently IT department had changed all the passwords during the night, and Jones was unable to access his email. What did he do in this situation? He went to read ClimateAudit!

In fact,we were changing all our passwords overnight and I can’t get to my email, as I’ve just changed my password. I’ve gone into the Climate Audit website because I can’t get into my own email.

I wish my post later in the afternoon (UK time) helped him to recall the exact context for “hiding the decline” 😉

Great comment! There are so many important details which need to be kept in view to have a full picture of what’s gone on in this field. Mann and friends have long since resorted to simply making up their own ‘cover’ stories and hoping no one in the major media or science academies, etc. pays attention to all the discrepancies and misinformation.

I’ve saved the article; such items as the one you link from the Wayback machine should be saved/stored by as many ppl here as possible, and more bloggers reading this could blog about them in case they disappear even from Wayback (someone commented that if a website starts to block the robot.txt used by the Wayback machine then even previously archived articles will vanish as Wayback’s policy is to take that as a refusal to be archived at all, even retroactively).

In this post, I wrote down a contemporary chronology and recollection from my perspective. Poptech states (incorrectly):

In the end it was Anthony Watts and Charles Rotter who “broke” the story at WUWT where the anonymous hacker had originally intended.

This is untrue. Although RC-FOIA had posted links at several blogs (including CA), these had originally gone unnoticed.

The story was eventually first “broken” by Mosher in comments at Lucia’s (where links had not been posted). Mosher pointed to the link in an unrelated post at Jeff Id’s and made a series of comments pointing to some of the more colorful emails. It was subsequently publicized at CA and WUWT.

Mosher’s knowledge of the existence of the dossier arose accidentally through his association with Charles Rotter, who was a moderator at WUWT. Nonetheless, this does not detract from the incontrovertible fact that his comments at Lucia’s “broke” the story.

Mosher’s CV is completely irrelevant to these facts. Mosher is also a personal friend of mine and one of the very few people in the blogosphere that I talk to. I think that his observations are sharp and worth paying attention to, even if the wrapping of the comments isn’t always to everyone’s taste.

Mr. Mosher was only given the emails after Charles discovered it and only after he agreed not to share it. Regardless of the technicalities, Mr. Mosher effectively broke his agreement with Anthony when he published those comments at Lucia’s trying to become a glory hound and inflate his importance in the matter. This prompted the publication at WUWT. I find his actions completely dishonorable.

Nothing was “broke” by those comments as almost no one reads her blog let alone the comments. You cannot find a single news story that references his comments before the post at WUWT that actually broke the story.

Claiming his comments broke the story is like claiming the anonymous hacker broke the story by posting it in the first place.

I am sorry to hear you are friends with someone who does not have any integrity.

His CV is completely relevant when it is shown he frequently lies about his education and misrepresents himself.

I find his comments generally worthless and lacking in scientific rigor, after researching his background I understood why.
Steve: I posted a similar comment at your blog, but it is still in moderation several hours after you posted this comment here.

Mosher had my permission to post when he did. Anthony was out of reach of EU authorities, and we had become alerted that we were not in sole possession of the files. Your vendetta against him seems misplaced. While his sloppy formatting in comments drives me crazy, he is one of the saner voices on this issue. He contributions are extremely valuable. From coining the terms Piltdown Mann and treemometers, to outing Gleick, to his work with the BEST team trying to make sense of data, I personally believe is not fit for purpose, few people have been as erudite and multifaceted.

The fact that you want to attack him for being an English Major or not having been anointed a “scientist” by some divine authority just seems silly.

You say: “Mr. Mosher effectively broke his agreement with Anthony when he published those comments at Lucia’s trying to become a glory hound and inflate his importance in the matter. This prompted the publication at WUWT. I find his actions completely dishonorable.”

I know all the parties in question and, to my knowledge, you don’t. As Charles observes, your account is incorrect. Mosher was not at cross-purposes with Charles or Anthony at the time. Anthony was in transit from Europe on the Thursday afternoon. Events were moving – Gavin Schmidt had notified CRU of the dossier and CRU had shut down their server. Mosher was concerned that Schmidt and CRU might try to shut down access to the Russian FTP site.

On the Thursday, after Anthony had safely left Europe (and Anthony was worried), when Mosher noticed the link in an unrelated thread at Jeff Id’s, he publicized this link at Lucia’s. Anthony didn’t have the slightest objection to this.

Your allegation that Mosher’s release “prompted the publication at WUWT” is completely groundless. While I don’t recall talking to anyone about this at the time, knowing Anthony, he would have been glad that the story had first broken elsewhere so that he could cover the story without actually breaking it. Remember that Gavin Schmidt was making veiled threats at Lucia’s about potential criminal liability for even discussing the emails. Anthony would have been glad that someone else had broken the story first. I too felt more comfortable that the dossier had been disseminated without my involvement.

As of the Thursday, Mosher had spent three solid days on the emails and knew far more about the dossier than anyone else (other than RC-FOIA). I first saw the dossier on Thursday, following the link at Jeff Id when Mosher drew attention to it. At the time in question, we were all shocked by the Climategate emails. Over time, everyone’s become used to them. But I was dumbfounded almost to being speechless by the angriness and coarseness of the Climategate scientists.

“I immediately found the comment on Jeff ID’s site by simply doing a Google search on the ftp site link. Jeff hadn’t noticed this post because he was out hunting during the above period. This was a game changer, CRU was trying to lock down the files and we were not exclusively in possession. Anthony was in the air about to land in Dulles but the cat was now out of the bag and Steve Mosher started posting on Lucia’s blog…”

“Mosher informed CTM that the file was in the open, and that he had heard that CRU had verified that a file had been posted and that
whatever agreement there was with Anthony to sit on the information had been overtaken by events.”

That seems pretty clear to me that he effectively said “screw the agreement” and made no mention otherwise.

Reading the book again I found more problems with who located the link at the Air Vent first:

“I immediately found the comment on Jeff ID’s site by simply doing a Google search on the ftp site link.” – Charles

“Without a link name to search for the best bet seemed to check the sites without moderation, looking for a needle in a haystack.
Buried at Jeff Id‘s site (The Air Vent) Mosher found the following comment.” – Mosher & Fuller

Hmmm, well, while he may have written in a slightly self-aggrandizing manner, implying that he decided the agreement was overtaken by events, in reality, it was mutually agreed upon at the time. If not, I would have beaten him to a bloody pulp, and I obviously had access.

In my account, I said:

…we decided not to go public until Anthony returned, for all sorts of reasons including potential legal issues.

What I purposely left out of my account was the specifics of the potential legal issues. When I first told Anthony about the files, he was in the EU to testify to the European Parliament. What primarily concerned us was the possibility that Anthony was being set up, and if I sent him the files or even if we went public, some entity in Europe would arrest him for some prearranged charges, whether it be hacking, theft, or sedition, under, who knows how many, European statutes. This fear was based on our mistaken belief that we. (WUWT) were the only recipients of the files.

When we discovered the files were released at multiple locations, the likelihood of a setup disappeared. Our awareness of this coincided with Anthony approaching US soil and thus the primary reason for embargo evaporated.

I chose Mosher to vet the files with McIntyre, because, despite simple proximity, in my opinion, he was absolutely the most qualified person to do so. Was this fortuitous for him? Sure. So what? Did the press, perhaps dress this up a bit too much as investigative journalism? Perhaps. Did Mosher go along with the attention? Sure. I did as well. Did he get more attention? Yes, but he also did a hundred times more work. He does the work. He connects the dots. He’s good at that. We need more of that.

I want to emphasize one fact clearly. If Mosher and I were not roommates, from what I knew of him at the time, he still would have been the person to whom I would have delivered the files first. He was the right person, in the right place, at the right time.

Going back and looking at your article quotes, all I see is a bit of sloppy journalism, overlying simplifying the minute details of a few events, and attributing a couple of actions to the wrong character.

Your one true quote of Mosher’s from his book:

“Mosher informed CTM that the file was in the open, and that he had heard that CRU had verified that a file had been posted and that whatever agreement there was with Anthony to sit on the information had been overtaken by events.

Yes, he was the one who informed me, including forwarding the email that had been sent around CRU announcing the file leak. And as he did this, he probably was the first to say that events were rendering the agreement moot, as the reasons for the embargo evaporated, and I concurred and starting posting at roughly the same time. I did not post as much or in as much detail.

“Without a link name to search for the best bet seemed to check the sites without moderation, looking for a needle in a haystack.
Buried at Jeff Id‘s site (The Air Vent) Mosher found the following comment.” – Mosher & Fuller

Yeah, that quote is just dumb. Mosher and Fuller probably got fatigued while writing. It was likely Fuller’s wording which slipped past Mosher. Fuller wasn’t there, (as is here, in this apartment). It is an unnecessary embellishment. The kind of thing that happens when you play telephone.

“Mr. Mosher was only given the emails after Charles discovered it and only after he agreed not to share it. Regardless of the technicalities, Mr. Mosher effectively broke his agreement with Anthony when he published those comments at Lucia’s trying to become a glory hound and inflate his importance in the matter. This prompted the publication at WUWT. I find his actions completely dishonorable.

Nothing was “broke” by those comments as almost no one reads her blog let alone the comments. You cannot find a single news story that references his comments before the post at WUWT that actually broke the story.”

No the actual events went like this.

Steve McIntyre sent me a mail indicating that CRU knew about the leak. Via Paul Dennis
I told charles it was in the clear
Charles went looking for the URL as did I.
he found it, I found it at the Air Vent. It’s not that hard.

Charles, thank you for the clarification and if you want to know what my problem has always been is with these embellishments of events and incorrect attributions. I still stand by my interpretation of events as you were the one who originally found the emails and the link at the Air Vent. I have never disputed how much time he put into reading them, talking to McIntyre or writing his book as none of those were my arguments.

I also completely disagree with McIntyre that the story was broke by Mosher’s comment at Lucia’s. Another quote from his book,

“A post on WUWT attracted huge readership, and traffic tripled”

Anthony even said, “I got the exclusive story scoop” and,

“I broke the climategate story here at WUWT from my laptop at Dulles airport, Delingpole was the first in the MSM to pick it up. From there the story spread and the rest is history.” – Watts

I could not find a single MSM news story linking to Mosher’s comments at Lucia’s before the WUWT post.

I am still getting contradictory events about what happened regarding the agreement with Anthony but can confirm that he was not upset.

Poptech, I don’t know why you’re arguing about events with people who were actually involved. You say “I also completely disagree with McIntyre that the story was broke by Mosher’s comment at Lucia’s.” I lived through the events in real time and can assure that the story broke first at Lucia’s blog about an hour and a half before the first post at WUWT. It was also heavily discussed at CA, then higher traffic than now, a half hour before WUWT. Read the chronology in my post which gives exact times and links.

Note that my chronology was near contemporary (early 2010) and was constructed with a view to documenting events by someone who is careful. As supposedly opposing evidence, you provide a quote from an article nearly two years later which was not a chronology but in which Anthony said: “I broke the climategate story here at WUWT from my laptop at Dulles airport, Delingpole was the first in the MSM to pick it up. From there the story spread and the rest is history.” http://wattsupwiththat.com/2011/09/27/delingpole-on-reason-tv/

Anthony was not attempting to provide a detailed chronology in this reflection. Also if you read what he said carefully, he only said that he “broke the story here at WUWT” from his laptop. He didnt claim that this WUWT “broke” the story which was already going viral on the blogosphere, though naturally WUWT had the most eyes and expanded coverage. But CA also had a lot of eyes at the time including MSM eyes.

You complain that there was no MSM coverage prior to the WUWT story. Irrelevant. The story was initially a much bigger blogosphere story. The first MSM interviews came on Friday. On Friday morning, I had calls from the New York Times, BBC, Times, Washington Post, Time magazine… I couldn’t keep track of all the calls.

Before you waste more time on this, I urge that you carefully read and assimilate my chronology, which was written carefully and which was based on thorough contemporary knowledge.

Rereading these comments I am happy to see others here shared my concerns when I first read the Breitbart piece back in 2010,

“So Mosher got the CD from the WUWT moderator and it was confirmed that the emails were genuine by the CRU securing their servers and notifying their personal that information was on the internet? Is that all about Mosher’s role? Sorry, can’t see a Pulitzer Prize here….” – Hoi Polloi

“I was also puzzled by the adulatory tone of Breitbart’s Peer to Peer Review three-parter regarding Mr Mosher. …All good stuff. But Patrick Courrielche goes well over the top.” – Richard Drake

my problem has always been is with these embellishments of events and incorrect attributions.

Then get over it. I read every version at the time. Some were better than others. As long as important issues remained clear, I didn’t care if a writer mixed up who did what or who said what. My typical reaction to every article, including the one above was “close enough”.

I will tell you one thing with absolute certainty, Mosher did not go public without my approval. The history of this living space would be quite different if he had. Your obsession with work titles is also incredibly silly. I have been officially Vice President, Support, while simultaneously acting as Product Manager and Account Manager.

I am not talking about personal experiences but what drew in the MSM and it certainly was not Mosher’s comment at Lucia’s or her later post.

If Mosher’s or Lucia’s post “broke” Climategate then you would have found the MSM linking to it at the time but you don’t anywhere. No one but some readers of CA and you cared about any of the posts at Lucia’s because no one reads her site. I know that is hard to believe but it is true why do you think Steve Milloy never heard of here before when they first met?

What evidence do you have that the story was going viral prior to the post at WUWT? A discussion at CA is not “going viral”.

How I know nothing was going viral before the WUWT post is because I was heavily involved in debating the first release of my list at the time at various websites around the Internet which was literally published 4 days before Climategate at WUWT,

I was on skeptic sites and alarmists sites but no one brought it up until after the WUWT post.

I was also compiling MSM news stories (Fuller is not the MSM) as they were coming in and none mentioned Mosher or Lucia’s posts. You can of course provide evidence otherwise.

Ironically, your only mention of breaking the story is here,

“At 4:32 pm eastern (13:32 PST), Anthony, then at Dulles Airport en route home from Europe, broke the story at WUWT.”

Besides Anthony, the only person who I feel had anything to do with Breaking the story was Charles who was the first person to find and identify the FOIA post. I know Charles doesn’t want to take all the credit but he should, instead of letting Mosher continue to inflate his importance in the matter, that has already been shown here to be further embellished.

In my chronology here, I was focusing on how Climategate got to the blogs. How Climategate went from the blogs to the MSM is a different story. PopTech seems to assume that this was because of the WUWT blogpost, but this needs to be demonstrated rather than assumed. In my opinion, relatively little MSM interest arose from the original WUWT post on Climategate. (Readers have to recall that the pre-Climategate blog landscape was different than now.) Today, a similar WUWT article might have led to MSM coverage, but that was not the case in November 2009.

However, I don’t think that WUWT articles directly led to the original MSM coverage (I haven’t parsed this and could be persuaded otherwise.) However, my instinct is that realclimate’s story on Friday led to MSM coverage, which first arose on Friday (the following day) but was very limited: Andy Revkin, Washington Post, BBC and a few others. Andy Revkin was one of the first to cover the story. Once Revkin covered the story, other large journals covered (Washington Post). BBC also covered it early on. Because Climate Audit was the most public critic of Real Climate and because I was named so frequently in the emails, I was contacted by numerous MSM reporters on the Friday as the story broke – I couldn’t keep track of all the calls.

It took a while for the story to build in the MSM. It didn’t exactly “break” in the MSM. On the other hand, blog interest was immediately huge. CA reached 75,000 hits per day and WUWT over 200,000, a then unheard of rate, though WUWT has built on this volume.

Although there have been some academic discussions of the events, none of the academics appears to have made any attempt to interview Anthony or myself or others involved in the events and they tend to completely miss the story.

Poptech finally gets round to quoting the person who knew less than anyone else on 13th January 2010:

“I was also puzzled by the adulatory tone of Breitbart’s Peer to Peer Review three-parter regarding Mr Mosher. …All good stuff. But Patrick Courrielche goes well over the top.” – Richard Drake

The full quote is I think much more informative:

I was also puzzled by the adulatory tone of Breitbart’s Peer to Peer Review three-parter regarding Mr Mosher. It was an immense privilege to be handed one of the first CDs containing FOI2009.zip. No doubt he’d earned that trust – and Mosher seems to have been the first person outside of UEA (and presumably Gavin Schmidt) to realise quite what dynamite it contained. I’ve also appreciated Steven’s recent arguments here on CA that Climategate has to have been an inside job, not least because of the cute decision to hack RealClimate to kick the game off (a point that has always seemed dead obvious to me, however much spin about nefarious hacking has been employed). All good stuff. But Patrick Courrielche goes well over the top. The man with the deadpan expression at the top of this thread fits the heroic billing rather better, given all the facts. There again, I don’t think adulation is his thing.

Charles de Moderator then promised to explain more of the story on WUWT. I was both enthralled and satisfied when he did.

Why are you doing this Poptech? Has the order gone out to sow as much division and suspicion into key relationships of people judged liable to do damage to consensus central? In case it’s not clear already, it’s not remotely going to work. One doesn’t have have to be Mosher’s friend or roommate to see that this is pathetic.

““So Mosher got the CD from the WUWT moderator and it was confirmed that the emails were genuine by the CRU securing their servers and notifying their personal that information was on the internet? Is that all about Mosher’s role? Sorry, can’t see a Pulitzer Prize here….” – Hoi Polloi”

AndrewK

This isnt even wrong

Anthony and Charles called me in because of two concerns

A) the mails were fake
B) the mails were real and Anthony was being set up while he was in the EU.

My first task was to address A.

I did this by reading all the mails. I spent time on the phone with steve reading him mails in the stack that were from him.
I had to first find these mails and next read them to steve since I was not allowed to send him the mails.
The presence of Steves mails convinced me the stack was real.
I also found a mail about Revkin that was very telling.
I also found housekeeping mails– out of office replies– that gave me confidence that the mails were real. The idea that somebody would forge these appeared slim.

At the end of two days I gave my conclusion to A.

That left option B.

personally I felt option B was a long shot. And I had no way or eliminating it.

Then came thursday morning and Steve Mc sent me a mail announcing that CRU said the mails were loose on the internet

This sealed the case on B. Hoi Polloi is wrong. the mail from CRU didnt prove to me the mails were real. That had already been decided. Of course it made me happy.

With Issue B addressed by the CRU mail, I wrote to steve Mc and explained
that the cat was out of the bag. in other words Anthony’s site was not an exclusive drop point. The agreement was to protect Anthony from case A or B.
Both were addressed. I explained this to charles, I wrote that we had to contact Anthony. Charles agreed. I was released from the agreement. So I then broke the story on Lucia’s and CA. Knowing that Anthony would break the bigger story from his perspective on WUWT. I informed Andrew Revkin, and charles was also in contact with some folks, ask him who. I dont know.

My roll. I was lucky to be living with Charles. If I wasnt, he and Anthony
would have had to get me the files some other way. Also, if I wasnt living there I would have broke the story earlier.

They thought I was qualified to judge the authenticity of the mails.
Later in the Gleick affair, Anthony would also ask me my opinion on this.
Why? I dunno, maybe cause I have experience working with texts. i cant recall where I got my experience working with texts. Not that it matters, people who knew my abilities to read tons of stuff with good recall, trusted me to do the job. Maybe they were wrong. Ask them.

Breaking the story. The first public notice was at Lucia’s. That broke the story.
later other people would break the story each in their own way. gavin broke the news, Anthony broke the news, eventually the MSM would break the news.

I take no credit for the MSM coverage. it sucked. That’s why we wrote the book.

“Is that all about Mosher’s role? Sorry, can’t see a Pulitzer Prize here…”

Exactly.

“I was released from the agreement.”

Who released you? Charles or Anthony?

“So I then broke the story on Lucia’s and CA.”

Posting a comment at a blog about another comment(s) (containing the emails) existing is not “breaking a story”. Using this logic the anonymous hacker “broke the story” when he posted the comments in the first place. And anyone who was the first to post about it at another site “broke the story” there. Not to mention, you were not aware of the emails existing until Charles told you about them.

“Also, if I wasnt living there I would have broke the story earlier.”

What does that mean? You would of just ignored the agreement?

Steve: As a matter of fact, Mosher’s posted link at Lucia’s, when combined with his early commentary, did break the story. Prior to his comment at Lucia’s, no one had access to the Climategate emails. Afterwards, within minutes and especially within a couple of hours, it went viral. Mosher did more than post the link. He had read the emails before anyone else and identified many of the most notorious emails. And dont underestimate the speed. Climateaudit received so many hits that it became almost impossible to access (fortunately Anthony and Pete H figured out how to move CA to wordpress and it was re-established at a new site (but I lost the prior traffic records). When the people involved in the events agree that Mosher’s comment at Lucia’s broke the story, I don’t know why you persist in arguing.

C’mon PopTech, reading is not THAT difficult. Put your quote in context:

“I wrote that we had to contact Anthony. Charles agreed. I was released from the agreement. So I then broke the story on Lucia’s and CA.”

Remember the bigger context: Anthony out of the loop. Mosher and CTM see one another a lot as they are housemates. Same paragraph, previous sentences. I’ll make this a fifth grade test:
1) The author of the above quote asked a question in writing. Who did he ask?
2) The author received an agreeable answer? Who answered?
3) “Anthony” was not available. Who was available to release the author from the agreement?

I know this is a more difficult test because most tests have different answers for different questions. But I’m sure you’re up to it.

Steve, prior to Mosher’s comment or Lucia’s post both Charles and Anthony had access to the emails. Neither was “alerted” to them by Mosher or Lucia, it was actually the other way around. Charles was the one who alerted everyone to the emails and broke the story. So if alerting people to them is the criteria then it is clearly Charles not Mosher who was nothing more than a courier. People are free to believe delusional things all they want, that does not make them true.

Knocking a website offline does not take much if it is setup improperly, there are many ways to DDOS a poorly setup site. Also, notice that Anthony posted an “Update” that ClimateAudit was inaccessible as it was not when Anthony first posted the story,

“UPDATE1: Steve McIntyre posted this on Climate Audit, I used a screen cap rather than direct link because CA is overloaded and slow at the moment.”

Thus clearly implying that the posting of the story at WUWT is what made it go viral and took down ClimateAudit. I have done various research to confirm that no body except Lucia talked about Mosher’s original comment.

Some of the people involved in the event believing Mosher broke the story does not make it true. I am also not discussing whether he read the emails ect… at that has nothing to do with my argument. Not to mention, it requires no special expertise to read emails.

You say: “I have done various research to confirm that no body except Lucia talked about Mosher’s original comment.” Again, you’ve got matters wrong. As counter examples, both Gavin Schmidt, myself.

In addition, as I stated in my chronology, comments began at CA relatively soon after Lucia’s when Mosher began posting excerpts at CA. I was then more active blogging than at present and CA had very large traffic in its own right at the time. There was very active controversy at the time about Yamal and I had just been the subject of a profile in Wall St Journal Europe here Mosher’s first excerpts were posted on a thread noting the publication of this profile on Nov 17. In the evening of Nov 19, I transferred these comments to a new thread (thus the thread has a timestamp later than the first comments.)

Gavin Schmidt was the first to know about the files and must have been following the blogs to see if the story would get picked up. He showed up at Lucia’s within minutes of Mosher’s comments, trying to make Lucia worry about legal threats.

While the first WUWT thread referred back to CA, there was wide coverage of Climate Audit elsewhere. Revkin’s story, for example, referred back to Climate Audit. The Real Climate story also had an important role and readers seeking the other side of the Real Climate story would then tend to look towards Climate Audit. You say that it was the WUWT story that caused the traffic overload at CA. WUWT obviously had the most eyeballs, but at the time CA traffic was also very large and had an audience that did not entirely overlap WUWT, particularly in the MSM.

Further, regardless of the precise roles of the two blogs in disseminating the story, you are ignoring Mosher’s distinctive role in being the first person to present excerpts from the voluminous emails. Anthony relied on Mosher’s excerpts in his first post on the topic (a post which linked back to CA.) While Anthony’s original post did not mention Mosher as the person who had read and located the emails, in retrospect, that would have simply been due to preoccupation with other issues, rather than a slight to Mosher.

I now have 4 unique comments that are being held in moderation.
Steve: CA has longstanding policies to try to keep threads on topic and which discourage coat-racking one issue onto another. This thread was about the original timeline of CLimategate and all your comments on this topic have been allowed. Other comments pertain to your disputes with Mosher’s resume which you have raised at your blog and where interested people can attempt to comment. Indeed, I attempted to comment to your blog on this topic, but you did not permit my comment through moderation. You already have a thread on your blog on this topic and editorially I prefer that you don’t coat-rack this topic onto a discussion of CLimategate chronology.

That is bullshit. I only commented on his involvement in Climategate here, while others made comments on his resume. You have allowed multiple comments through discussing his resume but refuse to allow me to respond to them so it appears as if I cannot. Hypocrite.
Steve: I have also moderated responding comments. I try to be evenhanded in such matters. I have a long editorial practice of discouraging food fights and coat-racking for editorial reasons. If I have been somewhat uneven in moderation of off-topic coat-racking, I apologize. Moderation is a chore and I’ve been busy on other matters the last couple of days. It would make matters easier for me if you identify any responding comments which you believe ought to have been moderated as well so that I can deal with them as well.

For readers interested in Poptech’s complaint, he has a blogpost on Mosher at his blog (link) and interested readers can discuss the topic there. As I mentioned before, I (and, it seems, others) have attempted to discuss post comments on the thread, but my comment was not passed through moderation. Nonetheless, this seems to me to be the correct forum for Poptech to pursue his interest in Mosher’s biography.

Bringing potential closure to PopTech’s claims about Mr Mosher at his own blog (in which s/he has restricted all feedback), I wrote the following:

Would you agree that getting a scientific article published in a major journal is reasonable evidence that a person is a scientist?

If so, then I suggest it is time for you to eat your words and rethink your perspective on just who is a “scientist.”

At age 9, Emily Rosa conducted a simple yet high quality study. When she was 11, her study was published in JAMA. “George Lundberg, editor of JAMA, aware of the uniqueness of the situation, said: ‘Age doesn’t matter. It’s good science that matters, and this is good science.'”

Being a scientist or engineer doesn’t require that one be paid. At age 14 I personally did high quality software engineering work for the GE Corporate R&D center that garnered me a nice letter of recommendation and a week off from school. Was I a professional at the time? Nope. But the professionals there thought my work good enough that they used it every day for many years.

And just because a person has only written packages or libraries doesn’t make them any less a software developer. Should I claim that only a person capable of doing the kind of software I can do is a “good” software developer? Ridiculous.

Should I claim that because one of my college buddies was a Bio major that he couldn’t possibly be a “real” software developer? Ridiculous — particularly because without further education he recently finished a distinguished career at a major S/W company writing software.

I’ve never met Mosher in person and I don’t always agree with him, but he’s hardly the overreaching unethical liar you project.

To put it most simply: your complaints speak much more about yourself than Mosher. Please think about that for a while before you write any more, PopTech.

[edit: I will further add that having checked various dictionary definitions of “scientist”, PopTech limited him/herself to selecting definitions that involve working professionals. The broader definition as anyone who does good science is widespread.]

Re: Poptech (Jul 8 04:15),
I don’t know why my post-copy was released here. AFAIK this conversation belongs on your blog. I posted the same thing there. Release it there and we can have a good conversation.

Speaking for myself, I’m not interested in the responses. You have to my mind messed up a CA thread about some important history. I’ve been to your own blog and found the approach to Mosher (and Eschenbach before him) totally uninteresting. Other mileages may vary but that’s the place to discuss any of this. Respect to Steve for his apology to you.

In saying this I’ve certainly been influenced by Anthony Watts on 16th June:

More than ad hominem, Poptech’s post is about spite over being asked to stop thread bombing WUWT over his dislike of Mosher. I warned him at the time that such things may backfire. One of the downsides is that I’m not going to let him continue to threadbomb here. If Mosher makes a claim that is relevant to Poptech’s attack piece, then sure, it will be allowed. But the pattern where he posts some rant about Mosher ever time there is a comment by him or somebody mentions his name will most certainly immediately go to the bit bucket. I’m not protecting Mosher, quite the contrary. I’m protecting WUWT from being hijacked by a food fight.

None of us have time to investigate every point, however trivial. But if someone begins to disrupt threads as Watts describes it’s a major turnoff to me. Whatever your cause is you’re not doing it much good.

[…] by Jeff Id on January 13, 2010 The amazingly simple backstory of Climategate is told here by Steve McIntyre. If any of you have questions about what anyone knows about how the files came to be, Steve did a […]

[…] According to Steven McIntyre, it seems Mosher received the CD in question from Watts Up With That’s moderator, CTM (Charles The Moderator), who made a CD copy of the Climategate dossier that was left on accessed from a held/unmoderated comment left on What’s Up With That around the same time that it was left on The Air Vent: On the evening of November 17, at around the same time that links were placed at Jeff Id’s and Warren Meyer’s, the same comment with the same link was also sent to WUWT, a moderated site, where it caught the attention of moderator CTM, who notified Anthony right away. Both Anthony and CTM downloaded the dossier. Anthony was in Europe attending a conference and didn’t want to do anything until he was back in the States and pledged CTM not to disseminate the FTP link until he was back in the States. As a precaution, CTM made CD copies of the zipfile, giving one of the copies to Mosher, who began poring over the emails […]